OpenJS Foundation
@openjsf.org
A safe and modern home for the web
OpenJS promotes the widespread adoption and continued development of key JavaScript technologies worldwide.
OpenJS promotes the widespread adoption and continued development of key JavaScript technologies worldwide.
SEMVER MAJORS ARE BORING 🚨
Major releases mostly bring breaking changes, not shiny new features. The fun stuff? That’s hiding in the minors.
@rafaelgss.dev talks about why you should follow the minor releases in our latest JavaScript Security Snapshot.
Major releases mostly bring breaking changes, not shiny new features. The fun stuff? That’s hiding in the minors.
@rafaelgss.dev talks about why you should follow the minor releases in our latest JavaScript Security Snapshot.
November 25, 2025 at 7:06 PM
SEMVER MAJORS ARE BORING 🚨
Major releases mostly bring breaking changes, not shiny new features. The fun stuff? That’s hiding in the minors.
@rafaelgss.dev talks about why you should follow the minor releases in our latest JavaScript Security Snapshot.
Major releases mostly bring breaking changes, not shiny new features. The fun stuff? That’s hiding in the minors.
@rafaelgss.dev talks about why you should follow the minor releases in our latest JavaScript Security Snapshot.
ICYMI: We wrote some concrete npm security suggestions for JavaScript maintainers to help guard against Shai-Hulud style attacks. 👇
openjsf.org/blog/publish...
openjsf.org/blog/publish...
Publishing More Securely on npm: Guidance from the OpenJS Security Collaboration Space | OpenJS Foundation
The OpenJS Security Collaboration Space has been working closely with GitHub’s npm team to understand how new security features affect projects and maintainers, especially as threats and tools keep ev...
openjsf.org
November 24, 2025 at 7:24 PM
ICYMI: We wrote some concrete npm security suggestions for JavaScript maintainers to help guard against Shai-Hulud style attacks. 👇
openjsf.org/blog/publish...
openjsf.org/blog/publish...
Before automated workflows, releasing @nodejs.org meant 20 manual steps. Now it’s one command. 👀
@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.
👉Build Team on GitHub: github.com/nodejs/build
@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.
👉Build Team on GitHub: github.com/nodejs/build
November 20, 2025 at 3:29 PM
Before automated workflows, releasing @nodejs.org meant 20 manual steps. Now it’s one command. 👀
@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.
👉Build Team on GitHub: github.com/nodejs/build
@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.
👉Build Team on GitHub: github.com/nodejs/build
Reposted by OpenJS Foundation
On Cloud 9.0 😶🌫️
Release details ⇣
Release details ⇣
November 19, 2025 at 1:31 AM
On Cloud 9.0 😶🌫️
Release details ⇣
Release details ⇣
Security incident? Don’t panic. Have a plan. 🤝
@ulisesgascon.com explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot.
Check out the Incident Response Plan here on GitHub: github.com/lodash/lodas...
@ulisesgascon.com explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot.
Check out the Incident Response Plan here on GitHub: github.com/lodash/lodas...
November 18, 2025 at 9:31 PM
Security incident? Don’t panic. Have a plan. 🤝
@ulisesgascon.com explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot.
Check out the Incident Response Plan here on GitHub: github.com/lodash/lodas...
@ulisesgascon.com explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot.
Check out the Incident Response Plan here on GitHub: github.com/lodash/lodas...
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
Publishing More Securely on npm: Guidance from the OpenJS Security Collaboration Space | OpenJS Foundation
The OpenJS Security Collaboration Space has been working closely with GitHub’s npm team to understand how new security features affect projects and maintainers, especially as threats and tools keep ev...
openjsf.org
November 14, 2025 at 4:02 PM
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
October’s security check‑in is here! 🚨
📌 Highlights: stronger threat modelling, npm Trusted Publishing risks tackled, new runtime features for secure‑by‑default apps.
hubs.la/Q03T5j8j0
📌 Highlights: stronger threat modelling, npm Trusted Publishing risks tackled, new runtime features for secure‑by‑default apps.
hubs.la/Q03T5j8j0
OpenJS Security Update: October 2025 | OpenJS Foundation
From new threat modeling practices to ecosystem-wide coordination, npm security discussions, and major Node.js security enhancements, this update recaps the key progress made in October 2025.
hubs.la
November 13, 2025 at 7:18 PM
October’s security check‑in is here! 🚨
📌 Highlights: stronger threat modelling, npm Trusted Publishing risks tackled, new runtime features for secure‑by‑default apps.
hubs.la/Q03T5j8j0
📌 Highlights: stronger threat modelling, npm Trusted Publishing risks tackled, new runtime features for secure‑by‑default apps.
hubs.la/Q03T5j8j0
Too many @nodejs.org users are running old versions 😬 The team is exploring changes to the release schedule to fix that.
@rafaelgss.dev shares all the details in our latest JavaScript Security Snapshot.
Be a part of the conversation on releases: github.com/nodejs/lts-s...
@rafaelgss.dev shares all the details in our latest JavaScript Security Snapshot.
Be a part of the conversation on releases: github.com/nodejs/lts-s...
November 13, 2025 at 5:45 PM
Too many @nodejs.org users are running old versions 😬 The team is exploring changes to the release schedule to fix that.
@rafaelgss.dev shares all the details in our latest JavaScript Security Snapshot.
Be a part of the conversation on releases: github.com/nodejs/lts-s...
@rafaelgss.dev shares all the details in our latest JavaScript Security Snapshot.
Be a part of the conversation on releases: github.com/nodejs/lts-s...
Ever wonder why @nodejs.org drops new versions like clockwork? Here’s the scoop. ⏱️
@rafaelgss.dev shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot.
@rafaelgss.dev shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot.
November 11, 2025 at 3:28 PM
Ever wonder why @nodejs.org drops new versions like clockwork? Here’s the scoop. ⏱️
@rafaelgss.dev shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot.
@rafaelgss.dev shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot.
Welcome, Perspective! Our newest incubating project brings advanced real-time analytics and visualization tools to the open source JavaScript ecosystem.
Big thanks to our friends at JP Morgan and FINOS. 💙
hubs.la/Q03Q_c8q0
Big thanks to our friends at JP Morgan and FINOS. 💙
hubs.la/Q03Q_c8q0
Perspective Joins the OpenJS Foundation as an Incubating Project | OpenJS Foundation
Perspective Joins OpenJS Foundation to Broaden Community Impact
hubs.la
October 31, 2025 at 3:13 PM
Welcome, Perspective! Our newest incubating project brings advanced real-time analytics and visualization tools to the open source JavaScript ecosystem.
Big thanks to our friends at JP Morgan and FINOS. 💙
hubs.la/Q03Q_c8q0
Big thanks to our friends at JP Morgan and FINOS. 💙
hubs.la/Q03Q_c8q0
New collab space alert 👀🚨
We've launched the Bundler Collaboration Space to bring projects like Vite, Webpack, Rspack, and others together on shared goals for the JavaScript bundler ecosystem.
Join in: github.com/openjs-found...
We've launched the Bundler Collaboration Space to bring projects like Vite, Webpack, Rspack, and others together on shared goals for the JavaScript bundler ecosystem.
Join in: github.com/openjs-found...
GitHub - openjs-foundation/bundler-collab-space: TBD
TBD. Contribute to openjs-foundation/bundler-collab-space development by creating an account on GitHub.
github.com
October 30, 2025 at 4:24 PM
New collab space alert 👀🚨
We've launched the Bundler Collaboration Space to bring projects like Vite, Webpack, Rspack, and others together on shared goals for the JavaScript bundler ecosystem.
Join in: github.com/openjs-found...
We've launched the Bundler Collaboration Space to bring projects like Vite, Webpack, Rspack, and others together on shared goals for the JavaScript bundler ecosystem.
Join in: github.com/openjs-found...
Cue the “it’s lit” joke 🔥
ICYMI: The Lit project has officially joined OpenJS as our newest Impact Project!
Welcome to the family, Lit.
openjsf.org/blog/lit-mov...
ICYMI: The Lit project has officially joined OpenJS as our newest Impact Project!
Welcome to the family, Lit.
openjsf.org/blog/lit-mov...
Lit Project Moves to OpenJS Foundation with Google Open Source Contribution | OpenJS Foundation
Lit joins a neutral home within the OpenJS Foundation community
openjsf.org
October 24, 2025 at 7:08 PM
Cue the “it’s lit” joke 🔥
ICYMI: The Lit project has officially joined OpenJS as our newest Impact Project!
Welcome to the family, Lit.
openjsf.org/blog/lit-mov...
ICYMI: The Lit project has officially joined OpenJS as our newest Impact Project!
Welcome to the family, Lit.
openjsf.org/blog/lit-mov...
Missed #JSConf 2025? No worries, we’ve got you. 🎬 All the talks are now on YouTube.
Watch them here: hubs.la/Q03PNmCK0
Watch them here: hubs.la/Q03PNmCK0
October 23, 2025 at 5:04 PM
Missed #JSConf 2025? No worries, we’ve got you. 🎬 All the talks are now on YouTube.
Watch them here: hubs.la/Q03PNmCK0
Watch them here: hubs.la/Q03PNmCK0
Lodash still runs half the web and now it’s getting the love it deserves. 🥹
ICYMI: Thanks to investment from the @sovereign.tech, Lodash is moving into community governance and long-term sustainability.
Read up:
🧠 blog.ulisesgascon.com/the-future-o...
🏛️ openjsf.org/blog/sta-inv...
ICYMI: Thanks to investment from the @sovereign.tech, Lodash is moving into community governance and long-term sustainability.
Read up:
🧠 blog.ulisesgascon.com/the-future-o...
🏛️ openjsf.org/blog/sta-inv...
The Future of Lodash
Lodash begins a new stage with a more collaborative and sustainable model. This post outlines the plan to simplify its maintenance, strengthen security, and ensure its key role in the JavaScript ecosy...
blog.ulisesgascon.com
October 22, 2025 at 4:22 PM
Lodash still runs half the web and now it’s getting the love it deserves. 🥹
ICYMI: Thanks to investment from the @sovereign.tech, Lodash is moving into community governance and long-term sustainability.
Read up:
🧠 blog.ulisesgascon.com/the-future-o...
🏛️ openjsf.org/blog/sta-inv...
ICYMI: Thanks to investment from the @sovereign.tech, Lodash is moving into community governance and long-term sustainability.
Read up:
🧠 blog.ulisesgascon.com/the-future-o...
🏛️ openjsf.org/blog/sta-inv...
Hey, THANK YOU JSConf! 💙
To everyone who shared their ideas, sang way too hard at karaoke, and made the hallway track feel like a family reunion... you’re the best.
That's a wrap 👏
To everyone who shared their ideas, sang way too hard at karaoke, and made the hallway track feel like a family reunion... you’re the best.
That's a wrap 👏
October 21, 2025 at 2:47 PM
Hey, THANK YOU JSConf! 💙
To everyone who shared their ideas, sang way too hard at karaoke, and made the hallway track feel like a family reunion... you’re the best.
That's a wrap 👏
To everyone who shared their ideas, sang way too hard at karaoke, and made the hallway track feel like a family reunion... you’re the best.
That's a wrap 👏
We 💙 our friends at @harperfast.bsky.social!
🚀 Big news from #JSConf!
Harper is now open source!🎉
Stephen Goldberg & @kriszyp.bsky.social dropped the announcement live on stage, and our “High Octane. Open Source.” coffee bar kept devs buzzing. ☕️
Dive in → harper.fast/start
Harper is now open source!🎉
Stephen Goldberg & @kriszyp.bsky.social dropped the announcement live on stage, and our “High Octane. Open Source.” coffee bar kept devs buzzing. ☕️
Dive in → harper.fast/start
October 16, 2025 at 8:38 PM
We 💙 our friends at @harperfast.bsky.social!
Introducing 🥁🥁🥁 our JavaScriptLandia award recipients for this year!
Beyond building new features, our recipients guide others, maintain essential systems, document the hard parts, and strengthen the community every step of the way. 💙
Read more about our honorees here: hubs.la/Q03NQvx10
Beyond building new features, our recipients guide others, maintain essential systems, document the hard parts, and strengthen the community every step of the way. 💙
Read more about our honorees here: hubs.la/Q03NQvx10
October 16, 2025 at 2:19 PM
Introducing 🥁🥁🥁 our JavaScriptLandia award recipients for this year!
Beyond building new features, our recipients guide others, maintain essential systems, document the hard parts, and strengthen the community every step of the way. 💙
Read more about our honorees here: hubs.la/Q03NQvx10
Beyond building new features, our recipients guide others, maintain essential systems, document the hard parts, and strengthen the community every step of the way. 💙
Read more about our honorees here: hubs.la/Q03NQvx10
WHEW! It’s a big week for the JavaScript community, and we're excited to celebrate these milestones at #JSConf.
🟢 @lit.dev joins OpenJS as an Impact Project
🟣 @nodesource.bsky.social joins the ESP
🔵 Lodash gets investment from @sovereign.tech
⚪ @react.dev moving to @linuxfoundation.org
🟢 @lit.dev joins OpenJS as an Impact Project
🟣 @nodesource.bsky.social joins the ESP
🔵 Lodash gets investment from @sovereign.tech
⚪ @react.dev moving to @linuxfoundation.org
October 14, 2025 at 2:40 PM
WHEW! It’s a big week for the JavaScript community, and we're excited to celebrate these milestones at #JSConf.
🟢 @lit.dev joins OpenJS as an Impact Project
🟣 @nodesource.bsky.social joins the ESP
🔵 Lodash gets investment from @sovereign.tech
⚪ @react.dev moving to @linuxfoundation.org
🟢 @lit.dev joins OpenJS as an Impact Project
🟣 @nodesource.bsky.social joins the ESP
🔵 Lodash gets investment from @sovereign.tech
⚪ @react.dev moving to @linuxfoundation.org
Reposted by OpenJS Foundation
✨ Thanks to @jddalton.bsky.social’s incredible work, #Lodash remains one of the most trusted libraries in #JavaScript.
We’re now expanding #collaboration, #governance, and #security to ensure its future.
blog.ulisesgascon.com/the-future-o...
We’re now expanding #collaboration, #governance, and #security to ensure its future.
blog.ulisesgascon.com/the-future-o...
blog.ulisesgascon.com
October 14, 2025 at 1:10 PM
✨ Thanks to @jddalton.bsky.social’s incredible work, #Lodash remains one of the most trusted libraries in #JavaScript.
We’re now expanding #collaboration, #governance, and #security to ensure its future.
blog.ulisesgascon.com/the-future-o...
We’re now expanding #collaboration, #governance, and #security to ensure its future.
blog.ulisesgascon.com/the-future-o...
Reposted by OpenJS Foundation
Lit is joining @openjsf.org! 🎉
Today at JSConf, The OpenJS Foundation announced Lit is officially joining as an Impact Project!
We're beyond excited for this move and look forward to continuing our work to build the open web with OpenJS!
Read more on our blog: lit.dev/blog/2025-10...
Today at JSConf, The OpenJS Foundation announced Lit is officially joining as an Impact Project!
We're beyond excited for this move and look forward to continuing our work to build the open web with OpenJS!
Read more on our blog: lit.dev/blog/2025-10...
Lit is Joining the OpenJS Foundation!
Lit is officially joining the OpenJS Foundation as an Impact Project!
lit.dev
October 14, 2025 at 1:35 PM
Lit is joining @openjsf.org! 🎉
Today at JSConf, The OpenJS Foundation announced Lit is officially joining as an Impact Project!
We're beyond excited for this move and look forward to continuing our work to build the open web with OpenJS!
Read more on our blog: lit.dev/blog/2025-10...
Today at JSConf, The OpenJS Foundation announced Lit is officially joining as an Impact Project!
We're beyond excited for this move and look forward to continuing our work to build the open web with OpenJS!
Read more on our blog: lit.dev/blog/2025-10...
Lit is joining OpenJS as an Impact Project! 🔥
Donated by Google Open Source, Lit powers 10,000+ custom elements inside Google and is loved for its fast, standards-based web components.
Welcome to the OpenJS family, @lit.dev!
Learn more: hubs.la/Q03Np1Mm0
Donated by Google Open Source, Lit powers 10,000+ custom elements inside Google and is loved for its fast, standards-based web components.
Welcome to the OpenJS family, @lit.dev!
Learn more: hubs.la/Q03Np1Mm0
Lit Project Moves to OpenJS Foundation with Google Open Source Contribution | OpenJS Foundation
Lit joins a neutral home within the OpenJS Foundation community
hubs.la
October 14, 2025 at 1:14 PM
Lit is joining OpenJS as an Impact Project! 🔥
Donated by Google Open Source, Lit powers 10,000+ custom elements inside Google and is loved for its fast, standards-based web components.
Welcome to the OpenJS family, @lit.dev!
Learn more: hubs.la/Q03Np1Mm0
Donated by Google Open Source, Lit powers 10,000+ custom elements inside Google and is loved for its fast, standards-based web components.
Welcome to the OpenJS family, @lit.dev!
Learn more: hubs.la/Q03Np1Mm0
Keeping Node.js secure is a team effort 🤝 @nodesource.bsky.social is joining OpenJS partner program to help keep the JavaScript ecosystem safe, stable, and sustainable by providing security support for orgs upgrading Node.js. 💚
Learn more: hubs.la/Q03Np2sh0 #JSConf
Learn more: hubs.la/Q03Np2sh0 #JSConf
NodeSource Joins OpenJS Foundation Partner Program to Support Security for Users of Older Node.js Versions | OpenJS Foundation
Through the OpenJS Ecosystem Sustainability Program, NodeSource will help organizations using outdated and unsupported versions of Node.js stay secure as they plan their upgrades.
hubs.la
October 14, 2025 at 1:09 PM
Keeping Node.js secure is a team effort 🤝 @nodesource.bsky.social is joining OpenJS partner program to help keep the JavaScript ecosystem safe, stable, and sustainable by providing security support for orgs upgrading Node.js. 💚
Learn more: hubs.la/Q03Np2sh0 #JSConf
Learn more: hubs.la/Q03Np2sh0 #JSConf
Lodash is entering a new chapter 📖 With investment from @sovereign.tech the project is getting key updates for security, modernization, and community-led governance.
Details: hubs.la/Q03NrdfR0
Details: hubs.la/Q03NrdfR0
October 14, 2025 at 1:08 PM
Lodash is entering a new chapter 📖 With investment from @sovereign.tech the project is getting key updates for security, modernization, and community-led governance.
Details: hubs.la/Q03NrdfR0
Details: hubs.la/Q03NrdfR0
Day 2⃣ at OpenVis Collab Summit! We have a great crew here in Seattle 📍☕️
October 9, 2025 at 4:22 PM
Day 2⃣ at OpenVis Collab Summit! We have a great crew here in Seattle 📍☕️