Secure Dashboard for the OpenJS Foundation

This project aims to provide a secure and user-friendly dashboard for managing and monitoring projects under the OpenJS Foundation. It evolved from a proof of concept (POC), and we are currently developing an MVP version (see the milestone roadmap).

Table of Contents

  1. Motivation
  2. Getting Started
  3. Usage
  4. Database Management
  5. Development
  6. Community Guidelines
  7. License

Motivation

The goal of this project is to streamline the secure management of OpenJS Foundation projects by providing an intuitive dashboard with robust infrastructure support. It emphasizes security, simplicity, and extensibility ✨

More Context

A few months ago, we started a discussion about the OpenJS Security Collab space initiative ("Security Program Standards") to build a dashboard for monitoring security parameters in our projects (Node.js, Electron, jQuery, Express, etc.). After carefully planning and securing resources, we are now at an exciting point as we’ve recently launched a pilot program with some projects. 🚀

So far, we’ve developed this website: https://openjs-security-program-standards.netlify.app/, which is based on the checklist (Google Sheet) and the introductory document (Google Doc) that we compiled during our original research. 😄

You can watch this YouTube video for a proper introduction to the Dashboard and website (both Proof of Concept versions) built based on feedback from the Express Security WG and others.

In essence, this tool collects information from multiple sources, evaluates it, transforms it into actionable insights, and uses it to build dashboards, tasks, and alerts at both the foundation and project levels. If you prefer a non-video format, here are the slides and the code repository.

Currently, we are focused on building a solid MVP and onboarding new contributors, aiming to create a great product by the end of this process. 😎

Engage Now

Yes, we are looking for HELP in many ways! 😇 Let’s collaborate and have fun together. You can find more information in the contributing guide. 🌟

Another great way to get involved is by participating in the OpenJS Security Collab Space. We hold regular meetings to discuss this initiative and many other exciting topics.

The project includes a technical architecture guide that provides in-depth explanations of various concepts.


Getting Started

Prerequisites

  • Node.js 22 and npm
  • Docker and Docker Compose
  • GitHub token with repo:read access level (not needed for development)

Infrastructure Setup

This project requires a PostgreSQL database and includes an instance of Adminer accessible at http://localhost:8080.

Start Infrastructure

npm run infra:start

Stop Infrastructure

npm run infra:stop

Configuration

Environment Variables

Set the GITHUB_TOKEN environment variable to authenticate with the GitHub API.

Optionally, use a .env file:

GITHUB_TOKEN=your_github_token_here

Then load it using:

node --env-file=.env index.js workflow run --name populate-repos-list
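A pre-flight check for the .env file described above, as an added example that is not part of the project's own code. The function name check_env_file and its exit codes are hypothetical, and it assumes simple KEY=value lines like the one shown in this section.

```shell
#!/bin/sh
# Added example: pre-flight check for the .env file passed to `node --env-file`.
# check_env_file is a hypothetical helper, not part of the project.
# Exit codes: 0 ok, 2 missing file, 3 loose permissions,
#             4 token absent or still the placeholder, 5 file tracked by git.
check_env_file() {
  f=$1
  if [ ! -f "$f" ]; then
    echo "env file not found: $f" >&2
    return 2
  fi

  # Characters 5-10 of the ls mode string are the group and other bits;
  # anything but "------" means another local account can read the token.
  perms=$(ls -ld -- "$f" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "$f is accessible to group/other; run: chmod 600 $f" >&2
    return 3
  fi

  # Last GITHUB_TOKEN= assignment in the file (simple KEY=value lines only).
  token=$(sed -n 's/^GITHUB_TOKEN=//p' "$f" | tail -n 1)
  if [ -z "$token" ] || [ "$token" = "your_github_token_here" ]; then
    echo "GITHUB_TOKEN is unset or still the placeholder in $f" >&2
    return 4
  fi

  # Inside a git work tree, the file must never be tracked.
  dir=$(dirname "$f")
  name=$(basename "$f")
  if command -v git >/dev/null 2>&1 &&
     git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    if git -C "$dir" ls-files --error-unmatch -- "$name" >/dev/null 2>&1; then
      echo "$f is tracked by git; remove it from the index and rotate the token" >&2
      return 5
    fi
    git -C "$dir" check-ignore -q -- "$name" ||
      echo "warning: $f is not covered by .gitignore" >&2
  fi
  return 0
}

# Usage (command taken from this README):
#   check_env_file .env &&
#     node --env-file=.env index.js workflow run --name populate-repos-list
```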

Usage

Projects

Add a new project:

node index.js project add [--name <name>] [--github-urls <urls...>] [--category <category>]

Example:

node index.js project add --name express --github-urls https://github.com/expressjs https://github.com/pillarjs https://github.com/jshttp --category impact

Workflows

Run a workflow:

node index.js workflow run [--name <name>]

List workflows:

node index.js workflow list

Checks

List all checks:

node index.js check list

Run a specific check:

node index.js check run [--name <name>]

There is a specific workflow that runs all the checks sequentially:

node index.js workflow run --name run-all-checks

Database Management

Migrations

Run latest migrations:

npm run db:migrate

Rollback migrations:

npm run db:rollback

Seeding

Seed the database:

npm run db:seed

Schema Management

Check the schema:

Refer to the latest schema file at /src/database/schema/schema.sql.

Update the schema:

npm run db:generate-schema

Development

Debugging

Enable debug logs using the DEBUG environment variable:

DEBUG=* node index.js

Linting

Run lint checks:

npm run lint

Fix lint issues:

npm run lint:fix

Testing

Run tests:

npm test

Run tests with coverage:

npm run test:coverage

Update the snapshots when needed:

npm run test -- -u

Community Guidelines

We encourage contributors to adhere to our Code of Conduct and Contributing Guidelines. Security-related concerns should follow our Security Policy.

License

This project is licensed under the MIT License. See the LICENSE file for details.