by Emily Mitchell Published November 28, 2018
While the malicious package has been pulled and fixes are in place, this security breach brings attention to a problem that the Node community has grappled with for a while: How do we properly maintain the key Node.js packages that are heavily depended on by users, along with all their various dependencies?
In many cases, these modules are created and released, and they become a key part of the toolkit used by Node.js developers. Later on, as circumstances change for the original authors, they can no longer maintain the modules (work most often done in their free time) due to lack of time, interest, or other reasons. With over 60,000 modules (and growing!), it’s time to address the problem.
Michael Dawson, the IBM community lead for Node.js and chair of the Node.js Technical Steering Committee, recently kicked off a Working Group in the Node.js project to work on this issue. You can read his blog post about the new team, including some history around the topic and initial plans going forward here: Call to Action: Accelerating Node.js Growth.
Among other things, some initial goals of the group include:
Join the new package maintenance team and help us secure and accelerate the use of Node.js.