Security at the OpenJS Foundation
The OpenJS Foundation supports its projects by improving their security through guidance, engineering support, and structured programs.
Strengthen Your JavaScript Project
Take advantage of expert resources and hands-on support to improve your project’s security posture: use our insights and tools to make smart, efficient security improvements, get tailored guidance through our Security Compliance Program, and use our CVD resources to respond effectively to security issues.
JavaScript Resources & Tools
Security Compliance Guide
A checklist of essential security practices for OpenJS projects.
OpenPathFinder
A dashboard and automation tool for monitoring security compliance.
JavaScript SBOM & Attestation Recommendations
Evaluates tools and provides guidance on Software Bill of Materials and attestations.
Secure Release Guide
A quick reference for safely publishing to npm and managing CVEs.
CVD Program Guide & Templates
Resources for open source maintainers responding to vulnerability disclosures.
CNA Guide for Maintainers
A guide for OpenJS project maintainers to understand and engage with the OpenJS CNA.
is-my-node-vulnerable
Ensure the security of your Node.js installation by checking for known vulnerabilities.
Healthy Web Checkup
Check for the latest version of the popular web technology jQuery.
Join the Security Collaboration Space
Join our weekly Security Collaboration Space, our working group for discussing ongoing initiatives and sharing updates on our work. We welcome external perspectives and invite all interested participants to contribute to the conversation.
“At the OpenJS Foundation, security is a shared responsibility and a top priority. Our maintainers work at the frontlines of the JavaScript ecosystem, and we want to help ensure they have the tools, guidance, and support they need to protect users at every level. Through collaboration with our partners, we're raising the bar for open source security.”

Overview
JavaScript is foundational to the web, and OpenJS Foundation project maintainers are committed to securing this critical infrastructure. By collaborating with the broader ecosystem, the Foundation aims to share best practices, set baseline security standards, and secure resources to advance ambitious, transparent security goals across all OpenJS projects.
Check out the resources below to see how you can improve your security practices and get involved with our community.