OpenJS Foundation
@openjsf.org
A safe and modern home for the web
OpenJS promotes the widespread adoption and continued development of key JavaScript technologies worldwide.
OpenJS promotes the widespread adoption and continued development of key JavaScript technologies worldwide.
We're testing something, please ignore this 🥸
[green-grass-grows]
[green-grass-grows]
February 10, 2026 at 8:06 PM
We're testing something, please ignore this 🥸
[green-grass-grows]
[green-grass-grows]
AI is changing how software vulnerabilities are discovered and how quickly they are reported. For community-led open source projects, this shift is both promising and deeply challenging.
Check out our latest blog on how AI is stress-testing open source security: openjsf.org/blog/ai-is-s...
Check out our latest blog on how AI is stress-testing open source security: openjsf.org/blog/ai-is-s...
February 9, 2026 at 5:30 PM
AI is changing how software vulnerabilities are discovered and how quickly they are reported. For community-led open source projects, this shift is both promising and deeply challenging.
Check out our latest blog on how AI is stress-testing open source security: openjsf.org/blog/ai-is-s...
Check out our latest blog on how AI is stress-testing open source security: openjsf.org/blog/ai-is-s...
Big year for security at OpenJS 👀
With support from Alpha Omega, we leveled up security across Node.js and the OpenJS ecosystem in 2025. Faster vulnerability response, automated releases, a new OpenJS CNA, stronger disclosure practices, and hands on support for over 10 projects.
hubs.la/Q040lXwL0
With support from Alpha Omega, we leveled up security across Node.js and the OpenJS ecosystem in 2025. Faster vulnerability response, automated releases, a new OpenJS CNA, stronger disclosure practices, and hands on support for over 10 projects.
hubs.la/Q040lXwL0
OpenJS Foundation Security Program: Annual Report 2025 | OpenJS Foundation
The OpenJS Foundation, supported by generous funding from Alpha-Omega, made significant progress strengthening security for Node.js and the wider OpenJS project ecosystem in 2025.
hubs.la
January 30, 2026 at 5:39 PM
Big year for security at OpenJS 👀
With support from Alpha Omega, we leveled up security across Node.js and the OpenJS ecosystem in 2025. Faster vulnerability response, automated releases, a new OpenJS CNA, stronger disclosure practices, and hands on support for over 10 projects.
hubs.la/Q040lXwL0
With support from Alpha Omega, we leveled up security across Node.js and the OpenJS ecosystem in 2025. Faster vulnerability response, automated releases, a new OpenJS CNA, stronger disclosure practices, and hands on support for over 10 projects.
hubs.la/Q040lXwL0
Happy Friday from our fresh collaboration page. 😎
Want to get involved in our collaboration spaces and projects? Check out the page to see what groups to join and what meetings are happening.
If you care about JavaScript, you belong here. ✌️
openjsf.org/collaboration
Want to get involved in our collaboration spaces and projects? Check out the page to see what groups to join and what meetings are happening.
If you care about JavaScript, you belong here. ✌️
openjsf.org/collaboration
January 30, 2026 at 5:38 PM
Happy Friday from our fresh collaboration page. 😎
Want to get involved in our collaboration spaces and projects? Check out the page to see what groups to join and what meetings are happening.
If you care about JavaScript, you belong here. ✌️
openjsf.org/collaboration
Want to get involved in our collaboration spaces and projects? Check out the page to see what groups to join and what meetings are happening.
If you care about JavaScript, you belong here. ✌️
openjsf.org/collaboration
Reposted by OpenJS Foundation
nvm.sh users: please upgrade to github.com/nvm-sh/nvm/r... if you're using `wget` on your system, to fix a medium vulnerability (github.com/nvm-sh/nvm/s...).
Release v0.40.4 · nvm-sh/nvm
Bug Fixes
sanitize NVM_AUTH_HEADER in wget path
nvm_has_colors: also check if stdout is a terminal
nvm_strip_path: avoid gawk-specific RT variable for mawk compatibility
nvm_get_default_packages: ...
github.com
January 29, 2026 at 11:07 PM
nvm.sh users: please upgrade to github.com/nvm-sh/nvm/r... if you're using `wget` on your system, to fix a medium vulnerability (github.com/nvm-sh/nvm/s...).
jQuery UI 1.14.2 is now available. 💙 This release includes improvements to Tabs behavior and removes the mousewheel plugin dependency.
Read the full release notes here: blog.jqueryui.com/2026/01/jque...
Read the full release notes here: blog.jqueryui.com/2026/01/jque...
jQuery UI 1.14.2 released | jQuery UI Blog
jQuery: The Write Less, Do More, JavaScript Library
blog.jqueryui.com
January 29, 2026 at 8:55 PM
jQuery UI 1.14.2 is now available. 💙 This release includes improvements to Tabs behavior and removes the mousewheel plugin dependency.
Read the full release notes here: blog.jqueryui.com/2026/01/jque...
Read the full release notes here: blog.jqueryui.com/2026/01/jque...
Big news 👀 The OpenJS Foundation is bringing a dedicated summit to RenderATL 2026. 🔥
Created by and for the JavaScript and Node.js community. Expect technical talks, real world lessons, and practical takeaways.
Check out the details + register for the conference: hubs.la/Q040sX130
Created by and for the JavaScript and Node.js community. Expect technical talks, real world lessons, and practical takeaways.
Check out the details + register for the conference: hubs.la/Q040sX130
January 27, 2026 at 3:15 PM
Big news 👀 The OpenJS Foundation is bringing a dedicated summit to RenderATL 2026. 🔥
Created by and for the JavaScript and Node.js community. Expect technical talks, real world lessons, and practical takeaways.
Check out the details + register for the conference: hubs.la/Q040sX130
Created by and for the JavaScript and Node.js community. Expect technical talks, real world lessons, and practical takeaways.
Check out the details + register for the conference: hubs.la/Q040sX130
Lodash v4.17.23 is live and features a whole new look for security 😎🔥
Security fixes, stronger governance, and improved maintenance = safer and more reliable for your projects.
Check it out 👇
hubs.la/Q03_NX2J0
Security fixes, stronger governance, and improved maintenance = safer and more reliable for your projects.
Check it out 👇
hubs.la/Q03_NX2J0
Lodash Rolls Out Major Security Overhaul | OpenJS Foundation
With the release of Lodash 4.17.23 and the publication of CVE-2025-13466, the project is making visible progress in strengthening its security posture.
hubs.la
January 21, 2026 at 8:23 PM
Lodash v4.17.23 is live and features a whole new look for security 😎🔥
Security fixes, stronger governance, and improved maintenance = safer and more reliable for your projects.
Check it out 👇
hubs.la/Q03_NX2J0
Security fixes, stronger governance, and improved maintenance = safer and more reliable for your projects.
Check it out 👇
hubs.la/Q03_NX2J0
New Security Snapshot is live.
@ulisesgascon.com walks through how Express handles security reports, from first contact to shipped patch.
Clear steps, zero panic, just a solid process that keeps users safe. 👍
@ulisesgascon.com walks through how Express handles security reports, from first contact to shipped patch.
Clear steps, zero panic, just a solid process that keeps users safe. 👍
January 15, 2026 at 5:39 PM
New Security Snapshot is live.
@ulisesgascon.com walks through how Express handles security reports, from first contact to shipped patch.
Clear steps, zero panic, just a solid process that keeps users safe. 👍
@ulisesgascon.com walks through how Express handles security reports, from first contact to shipped patch.
Clear steps, zero panic, just a solid process that keeps users safe. 👍
Oh hi. 👋 We're back with the latest Security Snapshot that covers how to publish to npm safely and with ease. ✨
@rafaelgss.dev breaks down why local publishing with 2FA gives you the safest setup right now.
@rafaelgss.dev breaks down why local publishing with 2FA gives you the safest setup right now.
January 5, 2026 at 4:04 PM
Oh hi. 👋 We're back with the latest Security Snapshot that covers how to publish to npm safely and with ease. ✨
@rafaelgss.dev breaks down why local publishing with 2FA gives you the safest setup right now.
@rafaelgss.dev breaks down why local publishing with 2FA gives you the safest setup right now.
How did Node.js help you in 2025, and what security changes do you want next year?
Drop your thoughts below. Your feedback shapes the work ahead. 🛣️
Drop your thoughts below. Your feedback shapes the work ahead. 🛣️
December 18, 2025 at 9:39 PM
How did Node.js help you in 2025, and what security changes do you want next year?
Drop your thoughts below. Your feedback shapes the work ahead. 🛣️
Drop your thoughts below. Your feedback shapes the work ahead. 🛣️
Open Visualization Collaborator Summit Recap 🤓 💻
Our OpenVis community gathered to share updates, experiments, and new ideas across the vis.gl ecosystem and related projects.
📑 Read here for a recap of the event: openjsf.org/blog/open-vi...
Our OpenVis community gathered to share updates, experiments, and new ideas across the vis.gl ecosystem and related projects.
📑 Read here for a recap of the event: openjsf.org/blog/open-vi...
December 16, 2025 at 6:33 PM
Open Visualization Collaborator Summit Recap 🤓 💻
Our OpenVis community gathered to share updates, experiments, and new ideas across the vis.gl ecosystem and related projects.
📑 Read here for a recap of the event: openjsf.org/blog/open-vi...
Our OpenVis community gathered to share updates, experiments, and new ideas across the vis.gl ecosystem and related projects.
📑 Read here for a recap of the event: openjsf.org/blog/open-vi...
How can you ACTUALLY get involved with OpenJS projects??
@ulisesgascon.com gives the download in our latest snapshot.
Join Slack, join our community meetings, or watch recordings.
Come say hi. 👋
@ulisesgascon.com gives the download in our latest snapshot.
Join Slack, join our community meetings, or watch recordings.
Come say hi. 👋
December 16, 2025 at 3:16 PM
How can you ACTUALLY get involved with OpenJS projects??
@ulisesgascon.com gives the download in our latest snapshot.
Join Slack, join our community meetings, or watch recordings.
Come say hi. 👋
@ulisesgascon.com gives the download in our latest snapshot.
Join Slack, join our community meetings, or watch recordings.
Come say hi. 👋
Introducing our newest OpenJS Foundation Gold Board Director Aaron Frost! 🤩
Frosty is the Founder of HeroDevs, and has been a long time contributor (and fan!) of the JavaScript ecosystem.
We're stoked you're on our board, Frosty!
Frosty is the Founder of HeroDevs, and has been a long time contributor (and fan!) of the JavaScript ecosystem.
We're stoked you're on our board, Frosty!
December 15, 2025 at 4:33 PM
Introducing our newest OpenJS Foundation Gold Board Director Aaron Frost! 🤩
Frosty is the Founder of HeroDevs, and has been a long time contributor (and fan!) of the JavaScript ecosystem.
We're stoked you're on our board, Frosty!
Frosty is the Founder of HeroDevs, and has been a long time contributor (and fan!) of the JavaScript ecosystem.
We're stoked you're on our board, Frosty!
Working on some shorts for you to round out 2025 and we're feelin' festive 👀
You can catch all of the past videos for our JavaScript Security Snapshot on our YouTube: youtube.com/playlist?lis... @rafaelgonzaga.bsky.social @ulisesgascon.com
You can catch all of the past videos for our JavaScript Security Snapshot on our YouTube: youtube.com/playlist?lis... @rafaelgonzaga.bsky.social @ulisesgascon.com
December 11, 2025 at 7:07 PM
Working on some shorts for you to round out 2025 and we're feelin' festive 👀
You can catch all of the past videos for our JavaScript Security Snapshot on our YouTube: youtube.com/playlist?lis... @rafaelgonzaga.bsky.social @ulisesgascon.com
You can catch all of the past videos for our JavaScript Security Snapshot on our YouTube: youtube.com/playlist?lis... @rafaelgonzaga.bsky.social @ulisesgascon.com
JavaScript is 30. Still running the web & still our favorite. 💛✨
The OpenJS Foundation is grateful for every contributor who has shaped its path, and we look forward to the continued growth of this community.
The OpenJS Foundation is grateful for every contributor who has shaped its path, and we look forward to the continued growth of this community.
December 5, 2025 at 8:09 PM
JavaScript is 30. Still running the web & still our favorite. 💛✨
The OpenJS Foundation is grateful for every contributor who has shaped its path, and we look forward to the continued growth of this community.
The OpenJS Foundation is grateful for every contributor who has shaped its path, and we look forward to the continued growth of this community.
Final reminder 💙
The JavaScriptLandia individual contributor program will end on Friday, Dec 5, 2025. Thank you to everyone who earned badges and celebrated the amazing work across the JS ecosystem.
Details: openjsf.org/blog/javascr...
Details: openjsf.org/blog/javascr...
Thank You, JavaScriptLandia Individual Contributors | OpenJS Foundation
Phasing out the JavaScriptLandia Individual Contributor Program
openjsf.org
December 5, 2025 at 4:21 PM
Final reminder 💙
The JavaScriptLandia individual contributor program will end on Friday, Dec 5, 2025. Thank you to everyone who earned badges and celebrated the amazing work across the JS ecosystem.
Details: openjsf.org/blog/javascr...
Details: openjsf.org/blog/javascr...
Thank You, JavaScriptLandia Individual Contributors | OpenJS Foundation
Phasing out the JavaScriptLandia Individual Contributor Program
openjsf.org
December 1, 2025 at 6:36 PM
The JavaScriptLandia individual contributor program will end on Friday, Dec 5, 2025. Thank you to everyone who earned badges and celebrated the amazing work across the JS ecosystem.
Details: openjsf.org/blog/javascr...
Details: openjsf.org/blog/javascr...
Things we're thankful for? OUR COMMUNITY 🤍
JSConf was a blast, and our friends at HeroDevs captured it ✨ flawlessly ✨
JSConf was a blast, and our friends at HeroDevs captured it ✨ flawlessly ✨
December 1, 2025 at 4:01 PM
Things we're thankful for? OUR COMMUNITY 🤍
JSConf was a blast, and our friends at HeroDevs captured it ✨ flawlessly ✨
JSConf was a blast, and our friends at HeroDevs captured it ✨ flawlessly ✨
SEMVER MAJORS ARE BORING 🚨
Major releases mostly bring breaking changes, not shiny new features. The fun stuff? That’s hiding in the minors.
@rafaelgss.dev talks about why you should follow the minor releases in our latest JavaScript Security Snapshot.
Major releases mostly bring breaking changes, not shiny new features. The fun stuff? That’s hiding in the minors.
@rafaelgss.dev talks about why you should follow the minor releases in our latest JavaScript Security Snapshot.
November 25, 2025 at 7:06 PM
SEMVER MAJORS ARE BORING 🚨
Major releases mostly bring breaking changes, not shiny new features. The fun stuff? That’s hiding in the minors.
@rafaelgss.dev talks about why you should follow the minor releases in our latest JavaScript Security Snapshot.
Major releases mostly bring breaking changes, not shiny new features. The fun stuff? That’s hiding in the minors.
@rafaelgss.dev talks about why you should follow the minor releases in our latest JavaScript Security Snapshot.
ICYMI: We wrote some concrete npm security suggestions for JavaScript maintainers to help guard against Shai-Hulud style attacks. 👇
openjsf.org/blog/publish...
openjsf.org/blog/publish...
Publishing More Securely on npm: Guidance from the OpenJS Security Collaboration Space | OpenJS Foundation
The OpenJS Security Collaboration Space has been working closely with GitHub’s npm team to understand how new security features affect projects and maintainers, especially as threats and tools keep ev...
openjsf.org
November 24, 2025 at 7:24 PM
ICYMI: We wrote some concrete npm security suggestions for JavaScript maintainers to help guard against Shai-Hulud style attacks. 👇
openjsf.org/blog/publish...
openjsf.org/blog/publish...
Before automated workflows, releasing @nodejs.org meant 20 manual steps. Now it’s one command. 👀
@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.
👉Build Team on GitHub: github.com/nodejs/build
@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.
👉Build Team on GitHub: github.com/nodejs/build
November 20, 2025 at 3:29 PM
Before automated workflows, releasing @nodejs.org meant 20 manual steps. Now it’s one command. 👀
@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.
👉Build Team on GitHub: github.com/nodejs/build
@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.
👉Build Team on GitHub: github.com/nodejs/build
Reposted by OpenJS Foundation
On Cloud 9.0 😶🌫️
Release details ⇣
Release details ⇣
November 19, 2025 at 1:31 AM
On Cloud 9.0 😶🌫️
Release details ⇣
Release details ⇣
Security incident? Don’t panic. Have a plan. 🤝
@ulisesgascon.com explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot.
Check out the Incident Response Plan here on GitHub: github.com/lodash/lodas...
@ulisesgascon.com explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot.
Check out the Incident Response Plan here on GitHub: github.com/lodash/lodas...
November 18, 2025 at 9:31 PM
Security incident? Don’t panic. Have a plan. 🤝
@ulisesgascon.com explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot.
Check out the Incident Response Plan here on GitHub: github.com/lodash/lodas...
@ulisesgascon.com explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot.
Check out the Incident Response Plan here on GitHub: github.com/lodash/lodas...
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
Publishing More Securely on npm: Guidance from the OpenJS Security Collaboration Space | OpenJS Foundation
The OpenJS Security Collaboration Space has been working closely with GitHub’s npm team to understand how new security features affect projects and maintainers, especially as threats and tools keep ev...
openjsf.org
November 14, 2025 at 4:02 PM
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...