Skip to main content

OpenJS World

From OpenJS World 2023: Revolutionizing Browser Automation: A Deep Dive into the WebDriver BiDi Project and its Integration with Selenium – Tamsil Sajid Amani

By Blog, OpenJS World

Talk from Tamsil Sajid Amani, Software Engineer at BrowserStack at OpenJS World 2023 in Bilbao, Spain, September 19-21, 2023.

The web is constantly evolving, and so is how we need to test it. WebDriver BiDi is a new way to control the browser without compromising the ability to use everyday browsers that people use. It is supported by Google, Microsoft, Mozilla, and Apple, making sure all your users are getting the same level of support. It is an ergonomic and powerful tool for browser automation and testing with support for popular testing frameworks like Selenium with more control over low-level events in the browser. Attendees leave with a clear understanding of how WebDriver BiDi can be used to enhance their browser automation and testing capabilities.

Main Sections

00:00 Introduction

02:05 Browser Automation Testing Timeline

03:56 Browser Automation: Two approaches

06:48 WebDriver “Classic”

12:41 Chrome Devtools protocol

17:54 WebDriver BiDi

18:27 Collaboration

21:21 WebDriver BiDi Demo

25:15 Accessibility 

30:30 Questions

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social

From OpenJS World 2023: How the npm CLI Team Manages (Almost) 100 Open Source Projects – Luke Karrys

By Blog, OpenJS World

Talk from Luke Karrys, Senior Software Engineer at GitHub at OpenJS World 2023 in Vancouver, Canada, May 10-12.

The npm CLI team manages almost 100 different projects that account for 4,000,000,000  downloads per month. And the best part is all of it is open source! Each project includes automated releases, open bug bounties, triage for community issues and pull requests, (almost) full test coverage, and is all managed by a team of four engineers. 

In this talk, npm CLI engineer Luke Karrys covers the tooling and processes that allow the team to confidently and securely ship new releases every week for the CLI and some of the most used packages in the JavaScript ecosystem including Semver and which. In the talk, Luke details lessons the team has put into practice from their collective decades of open source experience.

Luke’s slide deck is available here.

Main Sections

0:00 Introduction

2:30 npm CLI team responsibilities

6:02 Everything is open

15:34 “Is this thing still maintained?”

20:53 So how do we do this? Patterns, process, automation, tooling

22:10 Patterns 

35:04 Process  

37:07 Automation

39:05 Tools 

40:05 Thanks!

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social

From OpenJS World 2023: Responsible Use of Node.js & Open Source Software Utilizing Best Practices at an Enterprise Level – Stephen Husak

By Blog, OpenJS World

Talk from Stephen Husak, Distinguished Engineer, Capital One at OpenJS World 2023 in Vancouver, Canada, May 10-12. 

Stephen Husak shares insights on how a large enterprise manages the risks associated with the constantly evolving vulnerability landscape. The talk begins with an overview of the security landscape in the JavaScript ecosystem. It then delves into how Capital One mitigates risks by adopting well-managed and purposeful practices when utilizing open source software. 

Stephen goes into more detail on how this is done in partnership with Capital One’s Open Source Program Office and subject matter experts across the company. Stephen describes how Capital One utilizes a working-group model as well as using process, governance, and automation tools to minimize risk and reduce developer toil. He promotes responsible usage of Node.js and its associated modules. The talk concludes with a Q&A session and Stephen provides additional resources.

Steve’s slide deck is available here.

Main Sections

0:00 Introduction

1:52 Open source software commitment to community

3:20 Capital One’s technology transformation

4:31 Attacking npm packages classes of attacks

7:05 Example of a supply chain attack – substitution attack

9:30 Reduce risk by being well-managed

11:49 Be intentional on Node.js version usage 

17:03 Use “Golden images”

20:08 Node.js / JavaScript Center of excellence

22:21 Main responsibilities of the Center of Excellence

24:44 Track package usage – A software bill of materials (SBOMs) helps audit usage 

26:15 Developers should be educated 

27:47 Evaluate packages before use 

30:48 Use tools whenever possible 

32:36 Npm package developer best practices

34:28 Npm package publishing best practices

35:25 In summary

36:09 Q&A, other resources, thank you!

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social

From OpenJS World 2023: How to Develop Custom Node-RED Connectors without Coding – Kazuhito Yokoi

By Blog, OpenJS World

Talk from Kazuhito Yokoi, Software Engineer, Hitachi, Ltd. at OpenJS World 2023 in Vancouver, Canada, May 10-12. 

To promote the use of cloud services or devices from Node-RED, companies can easily publish their original connectors to the Node-RED flow library. But creating custom connectors is a time-consuming task because it requires coding with Node-RED-specific development rules. To solve this situation, Hitachi developed the Node generator tool as one of the Node-RED projects under the OpenJS Foundation. This tool can convert to custom connectors from various sources like OpenAPI documents. Recently, this tool has supported generating custom connectors from subflow as a new source. Using the subflow functionality, all Node-RED users are able to create their original connectors from the existing Node-RED flow without coding. In this talk, Kazuhito shows how to use the tool and integrate it with GitHub Actions to release connectors to the public semi-automatically.

Kazuhito’s slide deck is available here.

Main Sections 

0:00 Introduction

1:41 Hands-on seminars

2:09 Contributed OSS connector 

3:16 What is Node-RED?

5:36 Our products and services 

6:50 What is a custom connector?

10:29 Developing connectors from subflow

13:30 GitHub actions

14:22 Steps to develop connector 

21:05 Advanced settings

22:01 Examples of OSS connectors 

23:54 WMI (Windows Management Instrumentation) connector

24:38 ZIG SIM Connector 

26:00 Stable diffusion connector 

27:00 React dashboard connectors 

28:00 Conclusion and other resources 

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social

From OpenJS World 2023: Securing Your Software Supply Chain – Darcy Clarke

By Blog, OpenJS World

Talk from Darcy Clarke, Open Source Engineer, Independent at OpenJS World 2023 in Vancouver, Canada, May 10-12.

Darcy Clarke, an independent open source engineer, highlights the constant threats and attacks faced by the software supply chain, with a particular focus on the JavaScript ecosystem. The talk explores the current state of the ecosystem, emphasizing the importance of managing dependencies, including transitive dependencies, and the various threats to the software supply chain. Darcy also shares insights using the “Create React App” project as an example. 

The presentation emphasizes the key factor of accuracy in securing the supply chain and provides practical advice, including avoiding mutable package references, using lockfiles, and caching and bundling dependencies. Darcy then discusses the existing solutions and tools available, such as security companies, advisory tools, software bill of materials (SBOMs), cryptography, scorecards, and badging. Future state solutions and tooling are also explored, focusing on introspection and validation. The session concludes with a short Q&A session and key takeaways.

Main Sections

0:00 Introduction

3:30 Why? Open Source software security is critical to our long-term success

4:04 Current state ecosystem

5:07 How? Dependencies 

7:01 Transitive dependencies 

11:01 Supply chain threats

17:07 Less talked about supply chain threats

18:07 Nondeterminism and mutability

18:57 Create react app [project 

21:00 Key: accuracy is very important 

24:24 Avoid mutable package references

26:00 Use lockfiles

27:05 Cache and bundle and dependencies

27:21 Current state of solutions and tooling with example 

30:00 Security companies and tools, advisory tools, SBOMs, cryptography, scorecards brands and badging, and panaceas

33:13 Future state solutions and tooling

36:06 Introspection

38:41 Validation

39:03 Wrap up Q&A and key takeaways 

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social

From OpenJS World 2023: Sustaining Open Source Software: Exploring Community, Financial, and Engineering Practices – Abigail Cabunoc Mayes

By Blog, OpenJS World

Talk from Abigail Cabunoc Mayes, Program Manager, GitHub at OpenJS World 2023 in Vancouver, Canada, May 10-12.

Abigail Cabunoc Mayes delves into key aspects of supporting and maintaining open source projects. The talk covers various strategies to ensure the sustainability of projects, such as providing financial support to project maintainers and implementing succession planning practices. Abigail highlights the advantages that corporate open source initiatives have in terms of hiring dedicated maintainers. 

The importance of succession planning for open source projects is also emphasized, given the steady increase in both open source adoption and contributors. Abigail then presents a case study involving past collaboration with Mozilla Open Leaders, discussing the implementation of payment mechanisms for maintainers and metrics to track financial practices. Additionally, the talk offers practical tips and guidance for others to adopt and practice sustainable open source software, focusing on community engagement, financial support, and engineering practices.

Main Sections

0:00 Introduction

1:53 Sustaining open source

3:17 Supporting maintainers 

4:50 Succession planning

7:43 Case study – past work with Mozilla Open Leaders

9:30 Pay maintainers

15:44 Easy to use and get started

17:35 Summary – sustain together

19:07 Thank you and Q&A

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social

From OpenJS World 2023: To Rewrite, or Not to Rewrite, That Is the Question – Bryan Hughes

By Blog, OpenJS World

Talk from Bryan Hughes, Staff Software Engineer, Patreon at OpenJS World 2023 in Vancouver, Canada, May 10-12.

We all know those OSS codebases; old, brittle, and getting in the way of adding new features and onboarding new collaborators. “I know!” you think, “Let’s rewrite this using shiny new tech! It’ll solve all our problems!” Sometimes rewriting is the best option, and sometimes it’s not. Even when it is, successfully rewriting a codebase is quite difficult in practice. Based on personal experience, in his talk, Bryan walks through the planning and implementation process to actually finish that long-desired rewrite.

Bryan covers key topics such as decomposing the codebase, different types of rewrites (full rewrite, partial rewrite, heavy refactor, light refactor), project planning, implementation, and the broader impact of rewriting code to benefit others. The presentation concludes with a gratitude message and a Q&A session.

Full talk available here: To Rewrite, or Not to Rewrite, That Is the Question

Bryan’s slide deck is available here.

Main Sections

0:00 Introduction

1:38 Decomposing in December 2014

3:47 A taxonomy of rewrites

5:35 Full rewrite

7:17 Partial rewrite

8:17 Heavy refactor

9:12 Light refactor

9:49 Define the problem

13:05 Determine constraints

17:16 Project planning 

21:47 Implementation

25:22 Release

33:05 The big picture 

36:35 Rewrite to serve others

37:15 Thank you and Q&A

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social

From OpenJS World 2023: The Evolution of Open Source through Design – Lise Noble

By Blog, OpenJS World

Talk from Lise Noble, UX/UI Distinguished Engineer, Discover Financial at OpenJS World 2023 in Vancouver, Canada, May 10-12.

Lise Noble discusses the industry’s adoption of open source software as a means to drive innovation and efficiency. While organizations have been increasingly embracing Design Thinking and incorporating it into their product development practices, there is a growing demand to extend open source principles to the entire design process and lifecycle.

In this talk, Lise shares the approach to design and the emerging need for DesignOps to improve the quality of speed of effective design and the emerging opportunity for Designers in the open source community. Lise covers the lack of design in UX and UI and shares methods for including and practicing accessibility. She wraps up by exploring the future of open source in design. 

Full talk available here: The Evolution of Open Source Design

Lise’s slide deck is available here.

Main sections

0:00 Introduction

1:17 Agenda

2:01 Engineering and design 

4:05 Lack of design and open source

7:01 Design thinking 

11:48 Common complexities

12:54 What if???

15:13 Intro to unified design with theme builder 

16:40 Atomic design and samples

18:12 Accessibility

19:13 Common disabilities/impairments

22:25 The state of Accessibility – provided by GAAD

23:08 Accessibility and atomic design 

24:25 Accessibility and color are HARD

26:26 Introducing theme builder – an open source project

27:00 Systems and themes

28:04 Layering systems and themes

31:05 Sub-branded themes?

32:23 What is design Ops Toolchain?

35:39 Importing code from Theme Builder into Figma

37:12 The benefits

37:43 Discover’s contributions to Open Source 

38:27 Looking ahead

41:35 The future of design and open source 

42:51 Thank you!

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social

From OpenJS World 2023: Advancing Web Runtime Interoperability with WinterCG – Ethan Arrowood, Vercel

By Blog, OpenJS World

Talk from Ethan Arrowood, Senior Software Engineer, Vercel at OpenJS World 2023 in Vancouver, Canada, May 10-12.

WinterCG is a community group dedicated to promoting web interoperability and advancing the development of web runtimes such as Node.js, Vercel Edge Runtime, Cloudflare Workers, and more. In this talk, Ethan discusses the challenges and opportunities facing web runtime interoperability and showcases the innovative solutions being developed by WinterCG. Ethan provides an overview of the group’s mission, values, and members. Additionally, he highlights achievements and summarizes ongoing projects. Finally, Ethan offers a glimpse into WinterCG’s aspirations for the future and the impact that interoperable web runtimes will have on shaping the web of tomorrow.

Full talk available here: Advancing Web Runtime Interoperability with WinterCG: Empowering the Future of the Web.

Ethan’s slide deck is available here.

Main Sections

0:00 Introduction

1:14 Why the group was formed

2:06 The goal of WinterCG

3:08 Non-goals

4:21 The process: collaborate, propose, implement 

10:53 Achievements 

11:45 Achievement: Fetch – Static response.json()

12:30 Work in progress – relax forbidden headers 

13:46 Work in progress – performance and web crypto streams

14:40 Work in progress – AsyncContext

15:00 Closer look – AsyncContext

19:01 Work in progress – “wintercg” common key

23:38 Get involved

25:00 Thank you and Q&A

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social

OpenJS World 2023 – Celebrating Innovation in the JavaScript Ecosystem

By Blog, OpenJS World

It’s day one of OpenJS World, the OpenJS Foundation’s semi-annual event bringing together the JavaScript and web development communities! 

Want to network and find out how you can get more involved in JavaScript? OpenJS World covers the broad spectrum of the JavaScript ecosystem, including technical content from OpenJS Foundation open source projects and much more. Be sure to tune in virtually for the remaining sessions this week: Virtual registration here.

The full schedule is available here, including talks by the OpenJS Foundation’s executive director Robin Ginn, Ethan Arrowood from Vercel, Abby Cabunoc Mayes from GitHub, Kazuhito Yokoi from Hitachi and many more!

We’re excited to share the progress of our members and projects this week at OpenJS World, read on to find out what’s new this week!

Meta Joins the OpenJS Foundation

Meta has joined the OpenJS Foundation as a gold member! Meta Open Source has been key in creating and open sourcing many projects crucial to the JavaScript ecosystem, such as React, Jest, and Flow. Last year, Meta contributed its popular JavaScript testing project Jest to OpenJS, which garnered an enthusiastic response from developers for this community-led project.

More details are available in our blog post.

Major Commitment to Security and Stability

The OpenJS Foundation has achieved significant milestones this year focused on improving JavaScript security. Last week, we announced that the Sovereign Tech Fund, financed by the German Federal Ministry for Economic Affairs and Climate Action, awarded the OpenJS Foundation EUR 875,000 (USD 902,000). This largest ever government investment in a Linux Foundation project will allow us to deliver infrastructure updates across our project portfolio through a single-scalable solution and develop and deliver security and maintenance policies and practices for critical projects.

Additionally, our continued work with OpenSSF’s Project Alpha-Omega has granted funding for both Node.js and jQuery this year. Alpha-Omega is committing $300,000 to focus on improving supply chain security by improving Node.js security infrastructure. The funding is bolstering the Node.js security team and vulnerability remediation efforts, with a focus on supporting better open source security standards and practices. It was started in 2022 and renewed in 2023. Alpha-Omega is also committing another $350,000 to reduce potential security incidents for jQuery by helping modernize its consumers and its code. OpenJS, working with the jQuery maintainers and industry experts, will conduct an ecosystem risk audit, work on an expansion of its infrastructure modernization project, and build and promote a web modernization campaign for awareness and buy-in.

Championing our Community with Awards and Discounts!

At OpenJS World today, we are announcing our second annual JavaScriptLandia award members, showcasing an incredible array of creativity, diversity and energy – check them out in our blog post! Maybe you can be one of the winners next year!

Also, if you’re interested in improving your technical skills and understanding how you do on vendor-neutral certification tests, we have a OpenJS World-only discount available for you. We’re offering 60% off Node.js Training and Certification bundles with code OPENJSWORLD2023.

Certification is an important component of building and strengthening the JavaScript ecosystem. Certified developers can quickly establish credibility and value in the job market. Certification also allows companies to locate and hire high-quality teams to support their growth.

We hope you’ll tune in virtually to our event this week! After OpenJS World is over, we’ll have the videos up on our YouTube page to view on demand.

Happy OpenJS World!