OpenJS Foundation

We are excited to announce the launch of the Node.js LTS Upgrade and Modernization Program 🚀 😎 Data shows that roughly two-thirds of Node.js users are currently running outdated or unsupported versions, creating significant security and operational risks. To solve this, we're creating a trusted path for enterprises to move safely off legacy versions while staying aligned with the upstream project. We are also thrilled to welcome NodeSource as our inaugural program partner! Together, we’re helping organizations assess risks, manage phased upgrades, and ensure production stability. Read the full announcement and learn how your organization can participate: https://lnkd.in/gfpVAntV

Excited that Socket has joined OpenJS Foundation! Code security is more important than ever in the AI coding and agentic era! We're doing our part to help.

We're excited to announce that Socket is joining the OpenJS Foundation! Proud to support the #JavaScript ecosystem alongside so many great projects and contributors. https://lnkd.in/eMShkXrW

🎉 Exciting news! We’re thrilled to welcome Socket as our newest Silver member. Socket is doing critical work to secure the JavaScript ecosystem by helping developers identify and prevent supply chain risks. We are excited to collaborate and make open source safer for everyone! 🛡️💻 Read the full announcement here: https://hubs.la/Q043Q7qn0

GitHub is funding open source security work across dozens of projects, including OpenJS projects like Node.js and Webpack. Strong ecosystems are built through sustained investment in the software supply chain, and we appreciate GitHub's continued support of open source maintainers. 🫶 Read the article: https://lnkd.in/eJWXj27q

WHAT EVEN IS A CVE!!! ❓ Ulises Gascón breaks it down and explains what a CVE is and how it helps in our latest short. You can view all of the shorts in our series on our YouTube Channel too for more security insights 👀 https://lnkd.in/gX57dbZA

AI is changing how software vulnerabilities are discovered and how quickly they are reported. For community-led open source projects, this shift is both promising and deeply challenging. Check out our latest blog on how AI is stress-testing open source security: https://lnkd.in/gDDfsjCC Want to make an impact? Join the OpenJS Foundation. Fund the projects you rely on. Contribute engineer time where it matters.

"Looking ahead, the Lodash roadmap prioritizes stability and sustainability over expansion. The goal is not to make Lodash more ambitious, but more maintainable." Thank you to our friends at Socket for sharing about the future of Lodash!

ICYMI 👀 We're STOKED to be hosting a summit at RenderATL (Render Atlanta) this August! This summit gives stage maintainers and contributors to share real world lessons and experience. Learn more and register today: https://hubs.la/Q040NMVL0

*opens the Node.js threat model, sees a wall of text* ….. *quietly closes tab* Rafael Gonzaga shows the simple way to read the Node.js threat model by following five key sections. The more you know 🌠