The Security Collaboration Space is an initiative of the OpenJS Foundation focused on improving security practices across the JavaScript ecosystem.
This repository serves as a central hub for guidance, shared resources, and working group outputs.

Our objectives are to:

• Strengthen the security of OpenJS projects.
• Provide maintainers with actionable guidance on security topics.
• Foster collaboration among maintainers on security topics.
• Connect JavaScript maintainers with the broader security community.

• Coordinated Vulnerability Disclosure (CVD) Guide
• Security Compliance Guidelines
• Secure Releases Guide
• CNA Guide for OpenJS Maintainers
• SBOM and Supply Chain Security Challenges
• Security Best Practices Badge

• Participate in discussions through GitHub issues and PRs.
• Join the #security channel on the OpenJS Slack.
• Attend bi-weekly Security Collab Space meetings (see the OpenJS public calendar).

• Chris de Almeida (@ctcpip)
• Darcy Clarke (@darcyclarke)
• Michael Dawson (@mhdawson)
• Ulises Gascón (@UlisesGascon)
• Robin Ginn (@rginn)
• Jordan Harband (@ljharb)
• Steve Husak (@shusak)
• Rick Markins (@rxmarbles)
• Matt Rutkowski (@mrutkows)
• Joe Sepi (@joesepi)
• Benjamin Sternthal (@bensternthal)

This work was supported with funding from:

• Sovereign Tech Agency
• Alpha-Omega

We are grateful for their support in making this project possible.