OpenJS Foundation

Improving JavaScript ecosystem infrastructure and security

Key facts

Status: Current
Investment Amount: €874,940.00
Investment Year(s): 2023, 2024

STF is supporting the OpenJS Foundation to work on implementing improvements to the JavaScript ecosystem infrastructure and security. The OpenJS Foundation hosts 40 of the most widely used JavaScript projects, including Node.js, jQuery, Jest, Electron, webpack, ESLint, Node-RED, Appium and more, which will benefit from this investment. This project aims to improve the security and reliability of JavaScript infrastructure, relieve the pressure on core JS project maintainers, and more broadly improve the security of the JS ecosystem of contributors and end users.

Why is this important?

STF is funding the OpenJS Foundation to work on implementing improvements to the JavaScript ecosystem infrastructure and security. The OpenJS Foundation hosts 40 of the most widely used JavaScript projects, including Node.js, jQuery, Jest, Electron, webpack, ESLint, Node-RED, Appium and more, which will benefit from this investment.

This project aims to improve the security and reliability of JavaScript infrastructure, relieve the pressure on core JS project maintainers, and more broadly improve the security of the JS ecosystem of contributors and end users. Because of JavaScript’s universal design and usefulness, projects that would be positively affected by this work can be found across sectors, fields and regions. Some examples:

  • Wikimedia has been using OpenJS JavaScript technologies at scale to support security, performance and localization, ensuring updates are visually cohesive and readable for all languages, making Wikipedia the most translated piece of literature in the world.
  • OpenJS projects are supporting the conservation efforts of large Transfrontier Conservation Areas in southern Africa through the work of the Peace Parks Foundation, and using JavaScript technologies to fight poachers and save rhinos.
  • Banking and finance companies use OpenJS projects to deliver everything from consumer banking to core aspects of their technology infrastructure.

The relevance of JavaScript can also be traced to the administrative and economic level in Germany and the EU:

  • The German Platform Industrie 4.0 had identified Node.js as key for the web technology layer for applications in the context of digitalisation of industry.
  • Europeana have developed a Node.js module for the Europeana API. Europeana empower the cultural heritage sector in its digital transformation.
  • The EU-funded SELFY project, which aims to address continuous assessments of the robustness and resilience of CCAM-enabled mobility solutions versus cyber-attacks, malfunction, misuse or system failure of the systems in use, has identified Node.js as a key technology component for their project work.

What are we funding?

While these technologies are widely used and relied upon, by comparison there are far fewer people contributing back to these core projects. This investment aims to build a sustainable and scalable infrastructure that these contributors rely on to maintain and test these critical technologies, as well as to enhance their security.

STF is investing in:

  1. A single scalable continuous build, test and deployment infrastructure solution to deploy across all OpenJS Foundation-hosted projects, to shift the burden of securing and maintaining infrastructure support for OpenJS projects.
  2. Improving the security of several OpenJS Foundation-hosted projects, by supporting a Security Engineering Champion who will supplement and build from the Node.js and jQuery security working group initiatives to scale across the most critical projects. The program would also advance security skills and processes among the contributor and implementer communities to strengthen the JavaScript ecosystem broadly, through audits, education and implementation of best practices.
  3. Some of the OpenJS-hosted projects have reached the end of their own open source lifecycle and have become inactive. Through an infrastructure inventory and assessment, OpenJS will work with maintainers to implement a deliberate plan to sunset projects by moving to Emeritus Stage and producing required documentation.
