OpenJS Security Working Group
March 24, 2026
Overview
The Security Working Group is an initiative of the OpenJS Foundation focused on improving security practices across the JavaScript ecosystem.
This repository serves as a central hub for guidance, shared resources, and working group outputs.
Our objectives are to:
- Strengthen the security of OpenJS projects.
- Provide maintainers with actionable guidance on security topics.
- Foster collaboration among maintainers on security topics.
- Connect JavaScript maintainers with the broader security community.
Documents & Guides
- Coordinated Vulnerability Disclosure (CVD) Guide
- Security Compliance Guidelines
- Secure Releases Guide
- npm Security Best Practices Guide
- CNA Guide for OpenJS Maintainers
- SBOM and Supply Chain Security Challenges
- Security Best Practices Badge
- Command Center for Security and Compliance
Get Involved
- Participate in discussions through GitHub issues and PRs.
- Join the #security channel on the OpenJS Slack.
- Attend bi-weekly Security Working Group meetings (see the OpenJS public calendar).
Working Group Members
- Chris de Almeida (@ctcpip)
- Darcy Clarke (@darcyclarke)
- Ulises Gascón (@UlisesGascon)
- Robin Ginn (@rginn)
- Jordan Harband (@ljharb)
- Steve Husak (@shusak)
- Rick Markins (@rxmarbles)
- Matt Rutkowski (@mrutkows)
- Joe Sepi (@joesepi)
- Benjamin Sternthal (@bensternthal)
- Wes Todd (@wesleytodd)
Special Thanks
This work was supported with funding from:
We are grateful for their support in making this project possible.