Announcing the @nodejs.org LTS Upgrade and Modernization Program! π
We're helping enterprises move safely off end-of-life Node.js versions to reduce security risks with our partnerNodeSource.
Modern Node.js is safer Node.js. Details:
openjsf.org/blog/nodejs-...
We're excited to announce that Socket is joining the @openjsf.org! Proud to support the #JavaScript ecosystem alongside so many great projects and contributors.
socket.dev/blog/socket-...
π Weβre thrilled to welcome @socket.dev as our newest Silver member.
Socket is doing critical work to secure the JavaScript ecosystem by helping developers identify and prevent supply chain risks. We're excited to collaborate and make open source safer for everyone! π‘οΈπ»
openjsf.org/blog/socket-...
GitHub is funding open source security work across dozens of projects, including OpenJS projects like @nodejs.org and Webpack.
Strong ecosystems are built through sustained investment in the software supply chain, and we appreciate @github.com's continued support of open source maintainers. π«Ά
WHAT EVEN IS A CVE!!! β
@ulisesgascon.com breaks it down and explains what a CVE is and how it helps in our latest short.
You can view all of the shorts in our series on our YouTube Channel too for more security insights π youtube.com/@OpenJSFound...
π«£
We're testing something, please ignore this π₯Έ
[green-grass-grows]
Want to make an impact? Join the OpenJS Foundation. Fund the projects you rely on. Contribute engineer time where it matters.
AI is changing how software vulnerabilities are discovered and how quickly they are reported. For community-led open source projects, this shift is both promising and deeply challenging.
Check out our latest blog on how AI is stress-testing open source security: openjsf.org/blog/ai-is-s...
Big year for security at OpenJS π
With support from Alpha Omega, we leveled up security across Node.js and the OpenJS ecosystem in 2025. Faster vulnerability response, automated releases, a new OpenJS CNA, stronger disclosure practices, and hands on support for over 10 projects.
hubs.la/Q040lXwL0
Big thanks to our Cross Project Council for getting it done πͺ
Happy Friday from our fresh collaboration page. π
Want to get involved in our collaboration spaces and projects? Check out the page to see what groups to join and what meetings are happening.
If you care about JavaScript, you belong here. βοΈ
openjsf.org/collaboration
nvm.sh users: please upgrade to github.com/nvm-sh/nvm/r... if you're using `wget` on your system, to fix a medium vulnerability (github.com/nvm-sh/nvm/s...).
jQuery UI 1.14.2 is now available. π This release includes improvements to Tabs behavior and removes the mousewheel plugin dependency.
Read the full release notes here: blog.jqueryui.com/2026/01/jque...
Big news π The OpenJS Foundation is bringing a dedicated summit to RenderATL 2026. π₯
Created by and for the JavaScript and Node.js community. Expect technical talks, real world lessons, and practical takeaways.
Check out the details + register for the conference: hubs.la/Q040sX130
Lodash v4.17.23 is live and features a whole new look for security ππ₯
Security fixes, stronger governance, and improved maintenance = safer and more reliable for your projects.
Check it out π
hubs.la/Q03_NX2J0
New Security Snapshot is live.
@ulisesgascon.com walks through how Express handles security reports, from first contact to shipped patch.
Clear steps, zero panic, just a solid process that keeps users safe. π
Oh hi. π We're back with the latest Security Snapshot that covers how to publish to npm safely and with ease. β¨
@rafaelgss.dev breaks down why local publishing with 2FA gives you the safest setup right now.
How did Node.js help you in 2025, and what security changes do you want next year?
Drop your thoughts below. Your feedback shapes the work ahead. π£οΈ
Open Visualization Collaborator Summit Recap π€ π»
Our OpenVis community gathered to share updates, experiments, and new ideas across the vis.gl ecosystem and related projects.
π Read here for a recap of the event: openjsf.org/blog/open-vi...
How can you ACTUALLY get involved with OpenJS projects??
@ulisesgascon.com gives the download in our latest snapshot.
Join Slack, join our community meetings, or watch recordings.
Come say hi. π
π
Interested about how we govern the OpenJS Foundation? Our website has all the details: openjsf.org/governance
Introducing our newest OpenJS Foundation Gold Board Director Aaron Frost! π€©
Frosty is the Founder of HeroDevs, and has been a long time contributor (and fan!) of the JavaScript ecosystem.
We're stoked you're on our board, Frosty!
Working on some shorts for you to round out 2025 and we're feelin' festive π
You can catch all of the past videos for our JavaScript Security Snapshot on our YouTube: youtube.com/playlist?lis... @rafaelgonzaga.bsky.social @ulisesgascon.com
JavaScript is 30. Still running the web & still our favorite. πβ¨
The OpenJS Foundation is grateful for every contributor who has shaped its path, and we look forward to the continued growth of this community.
Final reminder π
The JavaScriptLandia community awards will continue, and weβre exploring new ways to highlight community contributions. π
The JavaScriptLandia individual contributor program will end on Friday, Dec 5, 2025. Thank you to everyone who earned badges and celebrated the amazing work across the JS ecosystem.
Details: openjsf.org/blog/javascr...
Things we're thankful for? OUR COMMUNITY π€
JSConf was a blast, and our friends at HeroDevs captured it β¨ flawlessly β¨
