Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nodejs/security-wg
Node.js Ecosystem Security Working Group
node nodejs
Last synced: 27 days ago
Node.js Ecosystem Security Working Group
- Host: GitHub
- URL: https://github.com/nodejs/security-wg
- Owner: nodejs
- License: mit
- Created: 2016-11-29T15:16:52.000Z (almost 8 years ago)
- Default Branch: main
- Last Pushed: 2024-04-13T16:39:54.000Z (7 months ago)
- Last Synced: 2024-04-14T00:38:26.941Z (7 months ago)
- Topics: node, nodejs
- Language: JavaScript
- Homepage:
- Size: 2.21 MB
- Stars: 481
- Watchers: 65
- Forks: 120
- Open Issues: 25
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Codeowners: .github/CODEOWNERS
- Governance: GOVERNANCE.md
Awesome Lists containing this project
- awesome - nodejs/security-wg - Node.js Ecosystem Security Working Group (JavaScript)
README
[![Node.js Security Team](https://img.shields.io/badge/Node.js-Security%20Team-green.svg)]()
[![Security Meetings](https://img.shields.io/badge/YouTube-Security%20WG%20Meetings-red.svg)](https://www.youtube.com/channel/UCQPYJluYC_sn_Qz_XE-YbTQ/search?query=Security+meeting)
[![OpenJS Slack Invite](https://img.shields.io/badge/join%20slack%20on-nodejs--security--wg-green.svg)](https://slack-invite.openjsf.org/)
[![OpenSSF scorecard](https://api.securityscorecards.dev/projects/github.com/nodejs/security-wg/badge)](https://api.securityscorecards.dev/projects/github.com/nodejs/security-wg)

# Security Team
Table of Contents
- [Node.js Bug Bounty Program](#nodejs-bug-bounty-program)
- [Current Initiatives](#current-initiatives)
- [Current Project Team Members](#current-project-team-members)
- [Emeritus Members](#emeritus-members)
- [Code of Conduct](#code-of-conduct)
- [Moderation Policy](#moderation-policy)

This team is _not_ responsible for managing or responding to
security reports against Node.js itself. That responsibility remains with
the [Node.js TSC][].

## Node.js Bug Bounty Program
The program is managed through the HackerOne platform; further details are available at [https://hackerone.com/nodejs](https://hackerone.com/nodejs).
## Current Initiatives
| Initiative | Champion | Status | Links |
|----------------------|--------------------------------------------------|------------------------------------------|-------------------------------------------------|
| Automate Security release process | [@marco-ippolito](https://github.com/marco-ippolito) / [@RafaelGSS](https://github.com/RafaelGSS) | In Progress | [Issue #860](https://github.com/nodejs/security-wg/issues/860) |
| Node.js maintainers: Threat Model | Group effort | In Progress | [Issue #1333](https://github.com/nodejs/security-wg/issues/1333) |
| Audit build process for dependencies | [@mhdawson](https://github.com/mhdawson) | TODO | [Issue #1037](https://github.com/nodejs/security-wg/issues/1037) |

## Current Project Team Members
* [fraxken](https://github.com/fraxken) - **Thomas Gentilhomme**
* [marco-ippolito](https://github.com/marco-ippolito) - **Marco Ippolito**
* [mdawson](https://github.com/mdawson) - **Michael Dawson**
* [RafaelGSS](https://github.com/RafaelGSS) - **Rafael Gonzaga**
* [ulisesGascon](https://github.com/ulisesGascon) - **Ulises Gascon**

## Emeritus Members
* [ChALkeR](https://github.com/ChALkeR) - **Сковорода Никита Андреевич**
* [DanielRuf](https://github.com/DanielRuf) - **Daniel Ruf**
* [MarcinHoppe](https://github.com/MarcinHoppe) - **Marcin Hoppe**
* [SomeoneWeird](https://github.com/SomeoneWeird) - **Adam Brady**
* [aeleuterio](https://github.com/aeleuterio) - **André Eleuterio**
* [ashishkurmi](https://github.com/ashishkurmi) - **Ashish Kurmi**
* [bengl](https://github.com/bengl) - **Bryan English**
* [brycebaril](https://github.com/brycebaril) - **Bryce Baril**
* [cjihrig](https://github.com/cjihrig) - **Colin Ihrig**
* [deian](https://github.com/deian) - **Deian Stefan**
* [dgonzalez](https://github.com/dgonzalez) - **David Gonzalez**
* [digitalinfinity](https://github.com/digitalinfinity) - **Hitesh Kanwathirtha**
* [dougwilson](https://github.com/dougwilson) - **Doug Wilson**
* [drifkin](https://github.com/drifkin) - **Devon Rifkin**
* [elexy](https://github.com/Elexy) - **Alex Knol**
* [esarafianou](https://github.com/esarafianou) - **Eva Sarafianou**
* [evilpacket](https://github.com/evilpacket) - **Adam Baldwin**
* [gergelyke](https://github.com/gergelyke) - **Gergely Nemeth**
* [gibfahn](https://github.com/gibfahn) - **Gibson Fahnestock**
* [grnd](https://github.com/grnd) - **Danny Grander**
* [jasnell](https://github.com/jasnell) - **James M Snell**
* [jbergstroem](https://github.com/jbergstroem) - **Johan Bergström**
* [joshgav](https://github.com/joshgav) - **Josh Gavant**
* [karenyavine](https://github.com/karenyavine) - **Karen Yavine Shemesh**
* [lirantal](https://github.com/lirantal) - **Liran Tal**
* [mcollina](https://github.com/mcollina) - **Matteo Collina**
* [mgalexander](https://github.com/mgalexander) - **Michael Alexander**
* [ofrobots](https://github.com/ofrobots) - **Ali Ijaz Sheikh**
* [pxlpnk](https://github.com/pxlpnk) - **Andreas Tiefenthaler**
* [roccomuso](https://github.com/roccomuso) - **Rocco Musolino**
* [ronperris](https://github.com/ronperris) - **Ron Perris**
* [sam-github](https://github.com/sam-github) - **Sam Roberts**
* [shigeki](https://github.com/shigeki) - **Shigeki Ohtsu**
* [vdeturckheim](https://github.com/vdeturckheim) - **Vladimir de Turckheim**

# Code of Conduct
The [Node.js Code of Conduct](https://github.com/nodejs/admin/blob/master/CODE_OF_CONDUCT.md) applies to this team.
# Moderation Policy
The [Node.js Moderation Policy](https://github.com/nodejs/admin/blob/master/Moderation-Policy.md) applies to this team.
[Node.js TSC]: https://github.com/nodejs/TSC