In order for us to start vendoring NodeJS modules into the tree carefully, we need a set of reviewers and folks who will be able to guide and advise. Dave Townsend and I have put together a proposal for a NodeJS usage, tools and style module.
I'll add it to the module list this coming Monday, December 2nd, unless there are outstanding discussions, objections, etc. Here is the proposal: Name: NodeJS usage, tools, and style Description: Advises on the use of NodeJS and npm packages at build and runtime. Reviews additions/upgrades/removals of vendored npm packages. Works with appropriate teams to maintain automated license and security audits of npm packages. Works with the security team and relevant developers to respond to vulnerabilities in NodeJS and vendored npm packages. Owner: Dan Mosedale Peer(s): Mark Banner, Danny Coates, Kate Hudson, Jason Laster, Ed Lee, Dave Townsend Source Dir(s): package.json, package-lock.json, node_modules and others as appropriate Bugzilla Component(s): Various components Discussion Forum(s): firefox-dev, #nodejs on slack _______________________________________________ governance mailing list governance@lists.mozilla.org https://lists.mozilla.org/listinfo/governance
