The project has enabled GitHub sponsors and an Open Collective in order to accept sponsorships.
The funds are to be used for specific efforts as decided by the TSC and documented on this page.
The main funding goals for the project include:
- Security Lead
- CI stability improvements
- Project health and collaboration
These goals are as documented in the sections which follow and will be documented in GitHub sponsors and Open Collective pages.
Target: 300,000 USD
Description: For the past two years the OSSF has funded a security lead. This has enabled the project to improve its turnaround time for fixing vulnerabilities and delivering security releases, make the security release process more efficient through automation, and reinvigorate the project's security team. This renewed security team has made progress by defining the threat model for Node.js, tracking progress against the OpenSSF scorecard, and more.
The urgency and fixed deadlines that are often associated with security issues are a poor fit for volunteers. Having a security resource whose job is to work on these issues not only results in faster resolution of security issues, but it also avoids the burnout of volunteers who might try to squeeze in urgent issues along with their regular job.
Target: 60,000 USD
Description: Progress of the project has been impacted by flaky tests over a number of years, making it the top pain point for the project contributors. The project needs a dedicated resource who will:
- lead a test reliability strategic initiative, rallying and supporting contributors who work to reduce flaky tests. This might include running regular test team meetings, documentation, tools, or whatever strategy works to achieve more than they can do on their own
- build tools and improve automation that allows the project to effectively manage flaky tests to reduce their impact on the CI
- investigate and fix existing tests being marked as flaky in the status files
Target: 20,000 USD
Description: Funds to be used to support general project health and collaboration.
It is important that we promote non-monetary sponsors at least as well as monetary sponsors. We may have limited ability to do that through Open Collective and GitHub sponsors so we should avoid providing links to those on the website or Node.js until we figure out how to do that.
We also want to make sure the message is that we generally prefer contributions to the project in the form of people rather than monetary sponsorship, and that the ability to make monetary contributions exists to cover cases where that is not possible.
The accounts are managed by the TSC. The user IDs and passwords are shared with TSC members through 1Password. All payments for sponsorships received will be made to the OpenJS Foundation, which has agreed to manage the funds that are received on behalf of the project.
Potential disbursements will be agreed through TSC discussion and, before approval, documented in a PR in the TSC repository which adds the intended use and funding envelope to this page. The disbursement is considered approved if there are no objections from a project member in 72 hours, and consensus has been reached in the TSC. Objections can be overridden with a TSC vote.
When work is complete for an approved disbursement, a request will be made by the TSC to the OpenJS Foundation to pay the person chosen by the TSC to do the work.
Intended use | funding envelope | paid |