-
🔐 7 out of 10 #security reports for #Lodash and #Express are invalid.
The current spike is LLM-generated noise eating volunteers' time that should go to releases, features, and real bugs.
Our tooling wasn't designed for this volume. Every report still needs to be read, cross-referenced, and responded to. We need better tooling and support to sustain this.
-
🔖 The latest issue of my #newsletter is live, issue 012.
February in numbers: 5 CVEs patched across #Express & #Fastify, 5 releases shipped, and a hard conversation about whether #opensource security triage is still sustainable in the age of AI 🔐
-
🔖 The latest issue of my #newsletter is out, issue 010.
Stories from reviving #Expressjs & reimagining #Lodash, secure publishing on #npm, why #OSS doesn’t fail because of code, backlog updates & #OpenSSF #Scorecard ✨
-
Just shipped a new newsletter to my GitHub Sponsors! 🎁
This one includes my latest talk, secure publishing research, #Expressjs updates, #OSSF #Scorecard improvements, and a bunch of ecosystem news.
It will be public soon, but you can read it early and support my OSS work here:
https://github.com/sponsors/UlisesGascon
-
🚀 Great news!
#Netlify deployments for @openssf #scorecard are running smoothly and PR preview environments are fully live 🎉
It’s the perfect time to get involved. We have plenty of good-first-issues and help-wanted items ready for you: https://github.com/ossf/scorecard-webapp/issues?q=sort%3Aupdated-desc+state%3Aopen+label%3A%22help+wanted%22
Your contributions are welcome. Come build with us ❤️🔥
-
🚀 Recent #Lodash updates focus on stronger #CI & #security posture!
✅ CI support expanded (Node 4 → 25)
🌐 New browser tests via #Playwright
📝 Docs now have dedicated CI
🔒 Added #OpenJS #CNA escalation policy
📊 Reporting #OSSF #Scorecard
🧯 New Incident Response Plan (#IRP)
🧠 Threat Model inspired by #Express & #Webpack
More details: https://blog.ulisesgascon.com/the-future-of-lodash
-
Welcome Rafael Gonzaga to the #OpenJS #CNA team! 👏 👏 👏
https://github.com/openjs-foundation/security-collab-space/pull/297
-
🍿 Exciting news! The #OpenJS Foundation #AI Collaboration Space holds its first meeting next week.
A community hub where developers, maintainers and policy thinkers explore how #JavaScript connects billions of people to #AI.
-
Spent the last few weeks laser-focused on #SecurityCompliance for #OpenSource #maintainers, and I’m excited to introduce the #OpenPathfinder ecosystem!
Discover two community-built tools, #FortSphere and #VisionBoard, in action (demo included): https://openpathfinder.com/blog/welcome
-
📦 I just released ossf/[email protected] 🎉🙌🥳
The project has been donated to the @openssf making it an official tool in the #Scorecard ecosystem.
🍿Check out the release details: https://github.com/marketplace/actions/openssf-scorecard-monitor
-
I am very proud to announce that the #OSSF #Scorecard Monitor tool that I created will be part of the @openssf, as I donated the project.
I will continue working on it, so be ready for the next release!
More details about the journey: https://github.com/ossf/scorecard-monitor/issues/79
-
Yes! I am very proud to announce that the #OSSF #Scorecard Monitor tool that I created will be part of the @openssf, as I donated the project.
I will continue working on it, so be ready for the next release!
More info: https://github.com/marketplace/actions/openssf-scorecard-monitor
-
🎉 OpenSSF Scorecard Monitor version 2.0.0-beta7 is out!
Simplify #OpenSSF #Scorecard tracking in your organization with automated #markdown and #JSON reports, plus optional #GitHub issue #alerts.
Check it out:
https://github.com/marketplace/actions/openssf-scorecard-monitor