Skip to main content
Category

Project Update

Appium 2.0 Officially Released: Extensible Ecosystem for Automation Makes It Easy to Add Your Specific Tests

By Announcement, Appium, Blog, Project Update

We’re delighted to share that Appium 2.0 is now available

Appium is an open source test automation framework for use with native, hybrid, and mobile web apps. Appium is an Impact project under the OpenJS Foundation ecosystem.

Appium drives iOS and Android apps using the WebDriver protocol. Appium can be used for testing native mobile applications (iOS or Android), mobile web applications (Safari or Chrome) and hybrid mobile applications that combine both. This makes it a versatile tool that can be used for a variety of projects. Appium is used by companies like GEICO, Charles Schwab, Walmart, and many more.

“Appium’s vision has always been larger than being a mobile app automation tool. The WebDriver paradigm was a good fit for the web, and it turned out to be a good fit for mobile too. With Appium 2, we wanted testers to be able to reach for a single tool to accomplish all their automation tasks across multiple platforms,” said Jonathan Lipps, Senior Director, Automation Technologies at Headspin, Inc., and the project lead for Appium. “Thank you to all Appium collaborators and contributors. This is a major milestone!”

2.0 reenvisions Appium as a platform where drivers and plugins can be easily created and shared. With a more friendly and standard interface, Appium 2.0 offers:

  • A new system for developing and sharing Appium drivers to facilitate automation of new platforms
  • Plugins that extend or modify any of Appium’s behaviors
  • The ability to install drivers and plugins from across the ecosystem with a single command

Interested in learning more? Join Appium Project Lead Jonathan Lipps for a free webinar on July 11, 9:00-10:00 AM PDT. Register now!

Congratulations to all of the collaborators and contributors on this major launch. Try out Appium 2.0 today!

Progress Report – Strengthening Node.js Security

By Blog, Node.js, Node.js Security, Project Update

In April this year, the OpenJS Foundation announced the Open Source Security Foundation (OpenSSF) had selected Node.js as their initial project to help improve supply chain security. As part of OpenSSF’s Alpha-Omega Project, $300k was committed to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022. The focus is on supporting better open source security standards and practices. The Alpha-Omega repo for Node.js is here.

Since the announcement, OpenJS has quickly onboarded new OpenSSF security support resources who hit the ground running. Better plans and processes have already started to be built out and are already having an impact.

For example, security processes are being improved through a Security Model that is being discussed in the Security Working Group. The structure has been defined and they are currently working to document assumptions from the Node.js runtime. 

The community is creating a new Threat Model that provides context on what will and will not be considered a vulnerability in Node.js, which will particularly help inform security researchers. It includes all the current threats and their mitigation for each environment using Node.js. Note: This may change over releases.

The community also added vulnerability checking for Node.js dependencies. This is a new script that queries vulnerability databases in order to find if any of Node.js’ dependencies are vulnerable. It runs as part of the continuous integration workflow, and if any new vulnerabilities are found, it automatically opens an issue tagging Node.js’ maintainers and Security Working Group members.

Additionally, the Node.js team fixed the first OpenSSF Project Omega CVE as part of the Node.js July 7, 2022, security release.

Organization

Day-to-day security is run through the triage team who look at HackerOne reports to fix issues and handles the ongoing OpenSSL reports and updates. The turnaround time on fixes has been tightened from about one week to under two days. 

The Security Working Group, which has a broader mandate to look at the future of Node.js security, has been reactivated, meeting every two weeks.

Join us!

Node.js is a critical community-led project where we need more people to contribute. If you are interested in lending your security expertise, we would like your participation. Our Security Working Group meets on Thursdays. You can download the calendar info from here: Node.js Project Calendar.

Node.js Framework LoopBack Graduates to At-Large Project at OpenJS Foundation

By Blog, Project Update

LoopBack fans will be happy to hear that the project has graduated from the Incubation stage at OpenJS Foundation! 

LoopBack is a popular Node.js framework for API creation and a platform to build large-scale Node.js applications. It uses proven patterns with TypeScript and gives support for SOAP and enterprise databases. It is a flexible developer-centric middleware that is being used in industries such as finance and insurance. 

Graduating is an important milestone that helps solidify LoopBack’s position as a vendor-neutral, community-driven open-source project. In June 2021, StrongLoop, an IBM company, contributed LoopBack to the OpenJS Foundation with the goal of growing the community’s active core of developers. Graduating to At-Large stage is a major step forward! They now have maintainers and Technical Steering Committee (TSC) members from different organizations worldwide. 

“We’re thrilled to have LoopBack as part of the OpenJS Foundation family of JavaScript projects. LoopBack is a great example of how open source communities flourish over time with open governance and sustained structural support,” said Robin Ginn, OpenJS Foundation executive director. “Congratulations to all the LoopBack contributors.”

LoopBack is one of 40 projects officially hosted under the OpenJS umbrella–joining platinum members Google, IBM, Joyent, and Microsoft.

“We’re excited that LoopBack has graduated from incubation and is officially joining the OpenJS Foundation’s hosted projects. Over the years, we’ve been moving towards a more open governance model–from actively recruiting maintainers outside of IBM to establishing a Technical Steering Committee made up of maintainers from different professional backgrounds. So joining the OpenJS Foundation is definitely a major milestone for LoopBack,” said Diana Lau, a maintainer and TSC member who has worked on the project since it was with IBM and is currently the senior development manager for API Connect Cloud at IBM.

Lead maintainer and TSC member Rifa Achrinza commented, “I’ve been heartened by the many contributions and support driven by the LoopBack community through channels such as GitHub and our ever-growing Slack channels. This steady community growth shows an increasing desire for a stable framework like LoopBack in the Node.js ecosystem.”

The project has also been working to develop open governance in line with OpenJS Foundation standards and with LoopBack’s new distributed maintenance model.
Project TSC member and maintainer Raymond Feng added, “The project has become much more community-driven under the OpenJS Foundation. I’m very happy to see LoopBack graduating from the incubation. It’s a great validation that LoopBack can be further maintained and developed by the community with a diverse pool of maintainers and contributors.” Raymond Feng was a co-creator of LoopBack and is currently Co-Founder and CTO of Abridged, Inc.

OpenJS Foundation’s Node.js CPC chairperson and voting member Joe Sepi Crane-Messina commented, “I joined IBM through StrongLoop and spent years working on and advocating for LoopBack. I couldn’t be happier to see it move into the foundation where it can grow and flourish.”

Recent LoopBack activity stats show that adoption in the community is growing. LoopBack has reached 4.1k GitHub stars and close to 216,000 npm downloads. Their Slack community has grown over 40% since incubating with the OpenJS Foundation and now has 1300 members. Additionally, LoopBack’s growth has been documented through quite a few user testimonials.

In the fast-paced Node.js ecosystem, the stability of LoopBack and the Juggler ORM has proven invaluable to those who demand a stable, complete solution while benefiting from the flexibility and simplicity of JavaScript.

The project has a few near-term goals. First, they have consolidated their blog and documentation site into the LoopBack website, where they plan to highlight the project’s maintainers and the journey to adopt LoopBack in their day job. In addition, they have planned security-related work including adopting OpenSSF Best Practices, publishing advisories in machine-consumable formats, and enhancing the vulnerability disclosure program. These goals aim to open new ways to interact with the community and strengthen LoopBack’s development focus on security.

This graduation signals a new major milestone for the framework as we continue to support the future of LoopBack in the ever-growing Node.js ecosystem. The OpenJS Foundation is proud to welcome them!

Node.js 18 Released With Improved Security, Fetch API, and Next-10 Strategic Initiatives

By Blog, Node.js, Project Update

Node.js 18 is available now! It adds multiple key features of enterprise and small- to medium-sized enterprises including increased security support, the Fetch API, and it is part of delivering on the larger Next-10 strategic initiative within Node.js that is pushing forward key priorities including modernizing HTTP and keeping Node.js on the forefront of web development. 

As part of increased security support, Node.js has been announced as the first pilot open source community to be supported by OpenSSF’s Alpha-Omega Project. Alpha-Omega is committing $300k to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022, with a focus on supporting better open source security standards and practices.

“The Node.js team continues to do fantastic work. The open governance structure for Node.js has led to tangible improvements in security and forward-thinking planning, and the main features of Node.js 18 will be highly valuable to enterprises of all sizes,” said Robin Ginn, OpenJS Foundation executive director. “Whether you’re a new user or already have Node.js broadly implemented, now’s a good time to install and test Node.js 18.”

Following its long-established release schedule, Node.js 18 is a Current release, which means it’s the right time for testing by enterprises, before being suitable for production usage when it is promoted to long-term support (LTS) in October 2022.

“The Node.js project contributors and collaborators continue to do an excellent job, and I want to thank them all. We continue to improve and grow, and I believe Node.js is a real open source success story,” said Bethany Griggs, Node.js Technical Steering Committee member, and Senior Software Engineer at Red Hat. “As always, current releases, like Node.js 18, are the perfect time to test in your own unique development environment. If you’re a Node.js user, please try out Node.js 18 and give us feedback. Your feedback directly contributes to our ability to move new features into stable releases more quickly.” 

For comprehensive information on specific Node.js features, see the Node.js team release announcement written by the Node.js project contributors: LINK

There are three key reasons to evaluate and upgrade to Node.js 18: Security, APIs, Future Planning.

Security

This is the first version that will be later promoted to LTS with OpenSSL 3.0. OpenSSL 3.0 is a major new stable version of the popular and widely used cryptography library. OpenSSL contains an open-source implementation of the SSL and TLS protocols, which provide the ability to secure communications across networks. Among other key features, OpenSSL 3.0 contains a FIPS Module that has been submitted for validation. The Federal Information Processing Standards (FIPS) are a set of requirements enforced by the US government which govern cryptographic usage in the public sector. This is a key step forward in the cryptographic support in Node.js.

The Node.js project follows a well planned security release process, with regular outbound communications and more. In the last year, Node.js has formalized rotations around security. The commitment to take slots in the security release steward rotation is made by companies in order to ensure individuals who act as security stewards have the support and recognition from their employer to be able to prioritize security releases. 

APIs

Node.js 18 is adding even tighter synergy between front-end and back-end APIs. One of the key premises of Node.js is that JavaScript skills can be applied to the back-end. With Node.js 18, Fetch is globally available by default. The Fetch API provides an interface for fetching resources including across networks. It will seem familiar to anyone who has used XMLHttpRequest, but the new API provides a more powerful and flexible feature set.

“Node.js 18 will enable the Fetch API as a default. It’s been available since Node.js 17, but this moves forward Node.js application development, and it’s exciting to be a part of the process of improving Node.js in key fundamental areas,” said Michaël Zasso, Scientific research software engineer and co-founder at Zakodium, member of the Node.js Technical Steering Committee. “I would like to thank multiple team members and contributors, and in particular I would like to thank users who push us and support us. Thank you!”

XMLHttpRequest has been used by web developers enabling ajax and a whole new kind of interactive exposure. However, it has been slowly succeeded by Fetch API. Fetch API is Promise based, providing a cleaner and more concise syntax.

Future Planning

The Next-10 effort has elevated technical priorities which have led to discussions around modernizing http. The purpose of the Next-10 project is to work collaboratively on the strategic directions for the next 10 years of Node.js. Fetch API is one direct result of this process. The full Next-10 repository is available here: https://github.com/nodejs/next-10 

Node.js Training and Certification

The OpenJS Node.js Services Developer (JSNSD) and OpenJS Node.js Application Developer (JSNAD) certifications are available now. Node.js training courses are available to help you prepare for the exams: Node.js Application Development (LFW211) and the Node.js Services Development (LFW212). Discounts are available to members!

OpenJS Resources

Click here to learn more about how you could be a part of the OpenJS Foundation, and view these additional resources:

About OpenJS Foundation

The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects and collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is currently home to 39 open source JavaScript projects, including Appium, Dojo, Electron, jQuery, Node.js, and webpack. It is supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Intel, Joyent, Microsoft, and Netflix. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value. 

About Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1000 members and is the world’s leading home for collaboration on open source software, open standards, and open hardware. Linux Foundation projects like Linux, Kubernetes, Node.js, and more are considered critical to developing the world’s most important infrastructure. Its development methodology leverages established best practices and addresses the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit their website.

JSON Schema Joins OpenJS Foundation

By Announcement, Blog, Project Update

JSON Schema is the newest technical project hosted under the OpenJS Foundation! 

JSON Schema is a vocabulary that allows you to annotate and validate JSON documents. It defines how a JSON should be structured, making it easy to ensure that a JSON is formatted correctly, and it is useful for automated testing and validating. In addition, JSON Schema provides clear human- and machine-readable documentation.

“We are thrilled to welcome JSON Schema into the OpenJS Foundation. Building a community requires dedicated people and great technology, which JSON Schema already has. It also requires a reliable structure for open governance and legal support that allows worldwide communities to grow. As the vendor-neutral home to almost 40 open source projects, JSON Schema already fits in well with our ecosystem of projects,” said Robin Ginn, OpenJS Foundation executive director. “We look forward to providing resources and support to JSON Schema to help their community to grow.”

“JSON Schema’s supportive community has in part enabled us to get this far. This has been critical to its success. JSON Schema is primarily a validation tool, plus it’s gaining additional uses such as generating forms, generating databases, or generating other UIs. We want to make sure the community and technology can continue to grow, possibly in unforeseen directions,” said Ben Hutton, JSON Schema specification lead at Postman. “By joining the OpenJS Foundation, we gain the community structure and support – with a strong focus on open governance – to continue to build and enlarge the community. We remain committed to being an interoperability focused standard, and want to provide assurance that JSON Schema will remain open and owned by the community that needs it.”

“The OpenJS Foundation continues to grow, and JSON Schema is a great addition. It is a key foundational technology, and by joining the OpenJS Foundation, it now has a strong home for further growth,” said Todd Moore, OpenJS Foundation Board Chairperson and Chief Developer Advocate IBM. “We are looking forward to working with and supporting JSON Schema.”

“The OpenJS Foundation is continuing to support key technologies that JavaScript communities rely upon. JSON Schema is an important addition,” said Joe Sepi, Open Source Program Director at IBM, and chairperson of the OpenJS Foundation Cross Project Council.“ JSON Schema is a great example of how interconnected JavaScript technologies can be. Providing a structure for sharing data is critical.”

“The Cross Project Council carefully considers the projects that join our neutral home at the OpenJS Foundation. We are pleased to have JSON Schema onboard so we can support the project’s growth, and the maintainers can contribute their expertise to the broader JavaScript ecosystem through OpenJS,” said Eemeli Aro, Staff Software Engineer at Mozilla, and OpenJS Cross Project Council (CPC) member. 

JSON Schema will be designated “At-Large,” which includes many different types of projects but is most often used for stable projects with minimal needs. They are now officially in the incubation process where projects complete their on-boarding to join the foundation.

To find out more about JSON Schema, including a complete list of current implementations, see https://json-schema.org/ 

JSON Schema Resources

 

OpenJS Resources

Click here to learn more about how you could be a part of the OpenJS Foundation, and view these additional resources:

 

About OpenJS Foundation

The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects and collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is currently home to 35 open source JavaScript projects, including Appium, Dojo, jQuery, Node.js, and webpack. It is supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Intel, Joyent, and Microsoft. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value. 

About Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1000 members and is the world’s leading home for collaboration on open source software, open standards, and open hardware. Linux Foundation projects like Linux, Kubernetes, Node.js, and more are considered critical to developing the world’s most important infrastructure. Its development methodology leverages established best practices and addresses the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit their website.

 

Node.js Certified Developer Spotlight: Juan Picado

By Blog, Certification, Node.js, Project Update

We recently interviewed Juan Picado, a Senior Front-End Engineer at Adevinta about his experience taking the OpenJS Foundation Node.js Application Developer certification (JSNAD). 

Here’s what we learned.

OpenJS: Why get certified through OpenJS?

Juan Picado: The OpenJS foundation is a reference that protects, provides, and facilitates a platform to the JavaScript community, supporting open source projects, and is a well-known organization. Hand to hand with the Linux Foundation is the best support for a Node.js Certification that gives high credibility and confidence.

OpenJS: How was the test-taking experience? Compared to vendor-specific certifications, how is a vendor-neutral test different?

JP: I like the approach that the test was not based on multiple-choice questions rather on real-life problems. This provides an extra boost of confidence even if you have already years coding JavaScript and Node.js. The vendor-neutral focus is more on the language and fundamentals and that is essential knowledge worth having as a baseline because it does not expire. JavaScript and Node.js always evolve.

OpenJS: How has the certification helped, added value for you?

JP: I always felt insecure in a few areas of Node.js. Streams and Process always were scary to me and those are part of the core of this certification. Even having years of experience, I have acquired valuable insights and a new vision on how to make things right. For me, it has been really valuable and has helped me dive more into the specifics of Node.js.  A certification always has professional benefits.  

OpenJS: What are your career goals and how do you think certification can help in reaching them?

JP: Definitely, it is one important step on my career roadmap.  I’m a believer that the fundamentals matter and this certification helps you to achieve that with Node.js and JavaScript.

OpenJS: Anything else to add?

JP: It is worth mentioning that the e-learning platform in combination with the one-year period gives you enough time to prepare yourself. That is really valuable.

Through August 24, Linux Foundation certification exams – including Node.js certifications – come with a FREE training course to help you both learn new skills and prepare for your exam. Learn more about this great offer at https://bit.ly/2WQxlo9

An update on how AMP is served at the OpenJS Foundation

By AMP, Blog, Project Update

When the AMP project moved to the OpenJS Foundation in 2019, our technical governance leaders shared a plan to separate the AMP runtime from the Google AMP Cache, and host the AMP runtime infrastructure at the vendor-neutral OpenJS Foundation. OpenJS is happy to report that this complex task of re-architecting the AMP infrastructure is making tremendous progress thanks to input and guidance from the AMP Technical Steering Committee (TSC) and AMP Advisory Committee, as well as thanks to the AMP Project and OpenJS teams for coming together despite the work and life challenges that were sometimes faced during the pandemic.

About AMP

AMP is a multi-stakeholder open source project used across a broad range of organizations to increase web performance. It’s a web component framework with a collection of complementary technologies that help publishers easily create websites that load quickly and predictably on different networks and devices.

Today AMP powers nearly 10 billion web pages worldwide, and is implemented by Google, Microsoft Bing, Pinterest and Pantheon, among others.

An AMP Cache is a cache of validated AMP documents published to the web, which allows the documents to be served more quickly than if they were generated by the original site each time they were displayed. Two of the largest AMP Caches are operated by Google and Microsoft, each of whom use the foundations developed by the AMP open source project to build their own commercial AMP Cache. This is a similar model to how most commercial products are built today with open source projects such as Linux and other JavaScript technologies such as Electron and Node.js.

Understanding how the AMP runtime will be served moving forward

The AMP runtime is a piece of JavaScript technology that a developer can add to their website to be able to use AMP components for building their website. By using AMP components, their pages become eligible to be hosted by an AMP cache. Some websites may choose to host the AMP runtime files themselves, while others may want to rely upon the AMP runtime soon hosted by the OpenJS Foundation to deliver the latest version of the code on demand. Ultimately, the choice is up to the developer. Please note that  documents served from the Microsoft or Google AMP Caches will still download the runtime from the specific AMP Cache itself.

The AMP runtime itself is developed openly and transparently in the AMP Performance Working Group. This part of AMP will not change, as the goal in moving to the OpenJS Foundation was to ensure this work could continue under a vendor-neutral nonprofit, and this is still a high priority. What’s new is that after disentangling the AMP runtime from the Google AMP Cache, the OpenJS Foundation will manage the servers that deliver the AMP runtime files (the download server and the CDN). As planned, the OpenJS Foundation has been involved in the implementation of hosting the CDN and has been spending additional time to fully understand the technical requirements.

Hosting project infrastructure is a core service of our Foundation – it’s one of many ways we help maintainers manage the stability and delivery of their open source projects. The way OpenJS hosts the AMP runtime infrastructure will be very much like how we support the infrastructure for the popular jQuery CDN, which performs a similar function and distributes 2.2 petabytes of jQuery libraries per month. We are working with Cloudflare to host the AMP runtime CDN. OpenJS Foundation projects benefit from the goodwill of Cloudflare’s contribution to open source through its free Cloudflare Enterprise program, in addition to other CDN providers who support other OpenJS communities. 

As an umbrella organization, the OpenJS Foundation has a governance model that gives a strong voice to its projects. Each of the projects are run independently at the direction of their core maintainers or Technical Steering Committees, as is this case with the AMP TSC. At the same time, OpenJS takes on the non-development aspects of the projects, ranging from infrastructure support to marketing, to help our projects grow and get better every day.

We are thrilled to be making this change to help the open source AMP Project continue to grow and diversify its contributors as they all work to make great experiences for the web.

If you have any questions about OpenJS please reach out to me at rginn@openjsf.org, or on our Slack workspaces: OpenJS Foundation or AMP. If you have any AMP Project specific questions please feel free to reach out via GitHub.

Posted by Robin Ginn, Executive Director, OpenJS Foundation

Node-RED 2.0, Project Update

By Blog, Node-RED, Project Update

Node-RED, a hosted project at the OpenJS Foundation, recently shipped its latest version, 2.0.

Node-RED logo

In a blog written by Nick O’Leary, the main focus of Node-RED 2.0 is dropping support for old versions of Node.js that are themselves no longer supported which allows the team to make major dependency updates internally.

The new release also includes first versions of the Node-RED Flow Debugger and Linter. These are optional plugins that really step up the developer experience within the project’s editor.

For all details, check out the Node-RED blog and watch Nick outline the release notes in this video.

jQuery project: addressing temporary CDN issues

By Blog, jQuery, Project Update

As part of its ongoing infrastructure updates, the jQuery infrastructure team is making configuration and deployment changes to address intermittent outages reported by some users. The issue is the result of faulty IP allowlisting which affects users downloading jQuery project assets from certain IP addresses.  

jQuery Logo

This issue is expected to be resolved in the next few weeks. In the interim, users can mitigate the issue by downloading and serving the files they need. 

CDN migration is part of a package of infrastructure improvement projects the project has been undertaking this year. The infrastructure team plans to provide a full overview of these improvements, which will help support the long-term maintenance of jQuery and its related projects, later this summer.
jQuery continues to be a widely-used open source project with active maintainers. While many sites host jQuery locally, others rely upon the jQuery CDN to deliver the library on demand. On average, the jQuery CDN delivers over 2 petabytes of code per month. The project is hosted at the OpenJS Foundation, the vendor-neutral organization to grow and sustain the JavaScript and web ecosystem.