Peace, Love and JavaScript

Hi, everyone. Hi, Node Congress friends. I'm Robin Vendergian. I'm here today to talk to you about peace, love, and JavaScript.

Now, you know, I've had the best jobs ever. I've got to spend, you know, most of my career working with open source and open standards communities like you. At that, the past 13 years, I've been working with the Node.js community. And for the past four plus, I have been the executive director of the OpenJS Foundation.

And if you don't know, OpenJS was created by the merger of the Node.js Foundation and the JS, the JavaScript Foundation, shortly before I joined. Now, here is my friend and predecessor, Michael Rogers. Michael was the first executive director of the Node.js Foundation, and he may not have described his job as the best job ever back in 2015. In a newly released Node.js documentary, he described the challenges facing the project at the time as there was so much drama. And you're going to have to take a look at the Node.js documentary that was just released on YouTube. It was released by Honeypot, who some are calling the Netflix for developers. And you may have seen their documentary on React or Kubernetes. And just want to really thank the Honeypot crew. They're a great job platform, particularly for folks in Europe.

And so if you look at OpenJS today, we not only support Node.js, we support the JavaScript ecosystem as a whole. And when you think about why do we have a foundation, and I often like to say when a piece of technology becomes super important to the world, it is often donated to a foundation. And we love our 35 projects, but there are thousands of other open source projects that are connected with ours. And did you know that 99% of the world's websites rely on JavaScript? So most people are using JavaScript, whether they know it or not. Folks like NASA, they use Node.js or spacesuit solutions to keep astronauts safe. So if you think about it, Node.js and open source really are mission critical to the world.

So let's just take a step back and give you a brief overview of our projects. Our projects are really critical to the web and beyond. We have Appium, we have Jest, jQuery, Webpack, and of course Node. And our foundation really could not survive without our members. They really make it happen. They provide the financial support to run our operations. And individually, they're also very active in our governance process.

And you know, if you take a look at the Node documentary, you'll find the drama was probably the result because it was missing a few key elements in those early days of Node. So today, I'm going to talk to you about the elements that are sort of critical to minimize drama in open source projects. And the first one is neutrality. And at OpenJS, we have policies in place as a neutral nonprofit organization to minimize drama. And by doing this, we really have a separate business and technical governance.

We have a board of directors that are comprised of our members that really sort of set the budget and in the kind of business operations of the foundation. And then we have a separate technical side that is unrelated to our membership. And we have the cross project council, which is typically what other foundations describe as a technical oversight committee. And they really take a look across the board at all of our projects and set best practices. And as an umbrella organization, one key thing that we put in place early on is to create a model that gives a strong voice to our individual projects. So each project has their own technical steering committee or core team that really drives and sets the technical direction of our projects. So if you'll take a look at it, our paid members have no influence on the technical direction of the projects.

Another key way to minimize drama is through open governance. And if you take a look at sort of open source, open source is really defining how software is distributed, the licensing, and more. But open governance really is about how the project is run. So if you take a look at open governance, the collaborators are typically nominated, and their leadership is elected in some democratic form. And if you're taking if you're sort of wondering if your favorite open source project has open governance, take a look at their repo and see if they have a governance page. So you'll find the Node.js governance page right here if you go on to GitHub. And what you'll find after you digest all of the information is that no one person can control Node.js. No one company can control Node.js. Each collaborator has to compromise to achieve their objectives. So Node, for example, has a technical steering committee, a TSC, and their responsible for all of the technical direction of the project, including the release quality standards, the project governance policies and process, the GitHub hosting, and any sort of conduct and mediation, and so much more. And if you take a look at the collaborators in the project, they own the repo for the Node.js slash Node GitHub repo, and collaborators have access, human access to that repo and access to the continuous integration, the CI jobs. And you know, if ever there is a disagreement with the project all up, and that's not just the collaborators, there's a lot of working groups as well, the TSC votes, and then there's some other neutrality pieces that are built into the Node governance. And one important piece is that of all of these people, no more than one fourth of those people can represent the same company. So again, we love Node, it's truly a community-led project. And their governance has really sort of set precedent in best practices for other open source projects. One other aspect of governance is sometimes the people in the governance project changes. And that's okay. Sometimes, you know, maintainers or the technical steering committee, they run out of time, energy, they may have changed jobs, where they don't have as much time.

So sometimes we have projects where they need to sort of reboot their governance. And we've seen some wonderful examples under the OpenJS Foundation where this has happened. One was Mocap, for example, that was passed to new maintainers. And another recent example is, is the Express project. Express is a JavaScript web application framework. It has 29 million weekly downloads. And what we found is Express had sort of stalled if you've been tracking it. And we, you know, the community really thought that could be a security and a stability risk for millions of users and companies and others who rely on Express. So what was really cool to see is that the community members recently stepped in with help from the OpenJS Foundation Cross-Project Council. And they put together a plan that you'll see in the Express forward discussions folder, along with some of their top priorities to really move that project forward. So they've added new members to the technical committee. And they they're just really, you know, doing wonderful things. And we're really excited to see what that's happening. It is rare that this happens. But again, it's it's sometimes part of the normal ebb and flow of an open source project. And it's great to see the Express, Express rebooting its governance.

Another key way to minimize drama is intellectual property. And while you know, the Node Foundation, and then later the OpenJS Foundation, they brought neutrality and open governance to the Node project. It wasn't until seven years later, just a few years ago, where Joyent, who is now owned by Samsung, transferred the Node.js logo to the OpenJS Foundation. And you know, we at OpenJS had previously been granted kind of, you know, perpetual free use to use the Node trademark and logo for the past several years. But it just wasn't the same. And, you know, one of the key advantages to having an open source project hosted at a foundation like OpenJS is the legal support. And that includes the management of things like trademarks, and trademarks really protect the work of you, the collaborators who are working on these projects. And trademarks are important, not just for the protection of the brand, but it actually identifies to the specific source of the code. And there's many reasons why this is important. Think about the download link, super important. It also protects the authenticity of things like documentation, certification and training events, and perhaps the abuse of the trademark being used in commercial entities. So intellectual property was really key. And you can see that the community was really excited that Joyent and Samsung contributed the Node trademark to the foundation.

Another key way to minimize drama is collaboration.

And at OpenJS, we operate in a better together kind of way. And you may see other foundations have things called working groups. You know, we're a little more JavaScripty, and we like to call our working groups collaboration spaces. We just think that that's like a little bit more collaborative and inclusive. And it's a way to really reach broader audiences. And so we have four collaboration spaces underway right now. And you're all invited to join these anytime all of our meetings are public. And I'll share more information about that. But let me just give you a quick overview of our cloud spaces. First, we have the open visualization cloud space. They actually have their own website open visualization.org. And they really govern the really cool libraries based on JavaScript and WebGL. So think about Kepler, vis GL, deck GL, some really great work happening in the open vis space. We have a security cloud space, setting policies and best practices, not just for our projects, but hopefully for the JavaScript ecosystem as a whole. And part of that has been caring, undertaking some work that was funded by the German government sovereign tech fund, and really excited about the work there. A lot of that is taking a lot of the security best practices that are being developed at the Open Source Security Foundation, the open SSF, and customizing that for JavaScript. And we're also going to be rolling out some trainings and other things this year. We also have a package metadata interoperability collapse space. We recently blogged on why you should care about package metadata interop. But there's some really interesting work happening, where the committee is working to define packages across all of the ecosystems dealing with package JSON. And last but not least, we have a standards collab space. It's kind of a who's who in the collab. In the standards world, we have representatives from ECMA TC 39 TC 53. There are TC 39 is defining the ECMAScript standard, we have W3C, we have Winter CG, and we have also the Unicode consortium, which actually defines emojis, which is super cool. So again, these groups meet bi weekly, and we'd love to have you participate. And if you think about open source projects, you know, there's a lot more that goes into it than just code. So I talked a little bit about how the foundation supports projects with legal and some of the security work. We also do a lot of marketing to sort of help drive the adoption of the projects. And we also host the IT infrastructure for these open source projects. And I like to describe what we do is, you know, think about if you work at a big company, and you have the dev team building, you know, the product.

For us, the product is the open source project. And we are like the product team around that. So we do everything beyond code, that just really helps her to remove the friction for the maintainers to build the best open source project that they that they can, that they can do.

And then what's kind of extra special about us is, is again, that neutrality. So when people are contributing, you want to think about who do you trust to send your contributions for the future. And then one really wonderful thing about the Open JS Foundation is our culture. We are diverse, we're vibrant. I like to think we're fun, creative, collaborative. So it's been a wonderful way from COVID even on where you're going to make new friends, you'll find that company lines and country lines just dissolve as you meet and collaborate people who are passionate about open source, and about Node.js.

So if I were to think about the Hollywood ending for the node 2024, movie sequel, because if you look at the documentary that was released recently, that really ended at 2015. And while we have come a long way since 2015, so so many great data points happening in the community, as I mentioned, that open governance, that really did set a de facto standard for Node.js. And contributed to its success. So since 2015, that team has been shipping every six months, gosh, last year, over 2 billion downloads, we'd like to say it's probably on every developer's laptop. And all of the recent work they've done with security has been outstanding. So really excited about the future of Node.js. So if you would like to participate in any way, whether it's Node or any of our projects, take a look. You also can go to our website. Our Slack is open. There's a link for Slack, our public calendar, more information about our collaboration spaces. So really, we would love to have you collaborate with us. And thanks Node Congress friends for having me. Thanks a lot.