JavaScript touches nearly every part of the web today, and maintainers at OpenJS Foundation-hosted projects are working tirelessly to keep critical infrastructure secure. The Cross Project Council seeks to leverage its better together approach by sharing best practices, guidance, and support among OpenJS and other JS projects in the ecosystem.

Together, we hope to reduce the risk and take ambitious security goals for all our OpenJS projects. We will further define, document, communicate, and measure in an open and transparent way.

Desired outcomes include:

• Strengthen the security and sustainability of the OpenJS projects to improve the software supply chain.
• Increased security contributions (time, people and resources) from public and private organizations, and security communities.
• Increased collaboration between security communities and JavaScript project maintainers.

The purpose of this repository is to provide a central place for coordination and documentation around security best practices and resources for the JavaScript community and beyond.

If you’re interested in JavaScript and web security, join us bi-weekly on Mondays. Check out the schedule on the OpenJS public calendar: calendar.openjsf.org.

Interested parties can also join our #security channel on Slack.

• Ben Sternthal (@bensternthal)
• Chris de Almeida (@ctcpip)
• Darcy Clarke (@darcyclarke)
• Joe Sepi (@joesepi)
• Jordan Harband (@ljharb)
• Matt Rutkowski (@mrutkows)
• Michael Dawson (@mhdawson)
• Rick Markins (@rxmarbles)
• Robin Ginn (@rginn)
• Steve Husak (@shusak)
• Ulises Gascón (@UlisesGascon)

• Strengthening security for OpenJS Foundation projects - Google Docs
• Security Collab Space application
• Security at OpenJS - Google Slides
• Security at OpenJS Github issue
• OpenSSF Project Alpha selects Node.js as initial project