Adam Baldwin started the Node Security Project in 2013. He saw that the biggest security risk was the code written and maintained by other developers, distributed by npm, outside of his control.
Back then the registry had something like 12,000 modules, and the goal of auditing them all was within reach. If you know the story of npm and the explosive growth of Node.js and the module ecosystem, then you know this ridiculously ignorant goal would soon be out of reach. But that wouldn't keep them from trying.
When we got started we had a lot of community support. Early community supporters included (but certainly not limited to)
Today we continue to help make security a core value in the Node.js ecosystem.
We make our tooling and information freely available to open source because we believe strongly in the community we are contributing to.
We also make the Node Security team and its services commercially available, both to meet growing enterprise needs and to support the project.
To be continued...