►
From YouTube: 2022-01-13-Node.js Technical Steering Committee meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
So
welcome
to
the
node.js
technical
steering
committee
meeting
for
january
13th
2022
we're
going
to
follow
our
standard
agenda
of
going
through
the
issue
that
was
opened
in
the
repo.
That
issue
was
number
1148.
before
we
get
started.
We
know
there's
some
issues
with
zoom
in
terms
of
showing
everybody,
so
we
thought
it'd
be
great
to
have
everybody
introduce
themselves
so
that
people
know
who's
here
when
they're
watching
the
stream,
so
we're
just
gonna
go
through
the
the
list.
So
let's
kick
it
off
antoine.
A
Okay,
so
that's
everybody
who's
here
before
we
jump
into
the
agenda.
Does
anybody
have
any
announcements
they'd
like
to
share.
D
Yes,
you
know
I
I
plan
to
be
there,
so
I
don't
know
if
long
travel
for
me,
so
it's
it's
going
to
be
fun
so
also
there
might
be
some
collaborator
summit.
I
don't
know
so.
A
Definitely,
plans
are
being
discussed
for
collaborator
summit.
I
know
there's
space
being
observed,
so
we'll
have
to
kick
off
the
planning
within
the
project.
So
that's
one
of
the
things
I
I
actually
expect
an
issue
to
be
open
from
robin
in
one
of
our
repo,
soon
to
say
like
who
wants
to
volunteer.
So
if
people
we've
had
some
great
volunteers
in
the
past
to
organize
the
node
component,
so
I'm
looking
forward
for
people
to
step
up
and
help
get
that
going
too.
G
Should
we
mention
the
security
release?
Is
that
what
richard
has
his
hand
up
for.
H
Yes
and
then
I
had
something
else,
I
wanted
to
just
announce
so
yeah
I
I
can
go.
I
guess
we,
we
got
security
releases
out
on
monday,
so
you
know,
there's
a
blog
post
on
the
website,
so
read
that
an
update
is
necessary.
H
The
other
thing
I
wanted
to
mention
is:
we
have
renewed
the
ssl
certificates
on
the
main
node.js
website
and
associated
websites
that
is
now
live,
so
the
certificates
were
due
to
expire
next
week,
so
we
have
hopefully
avoided
nasty
sort
of
things,
not
trusting
downloads
and
everything,
but
yeah
that
that
that's
been
live
for
about
a
day
now,
so
no
one's
complaining,
hopefully
that's
all
been
smooth,
but
obviously
if
anyone
does
notice
anything
weird,
please
open
an
issue
over
and
build.
A
A
G
There
was
no
meeting
this
week.
There
is
some
work
going
on
on
the
license
verification
tool,
but
I
don't
know
that
I
have
anything
to
share.
I
know
you're
on
the
cpc2
michael,
if
you
have
anything
come
to
mind.
A
A
So
if
you
have
any
interest
you
know
and
want
to
to
sort
of,
follow,
what's
going
on
there
or
contribute
we're
working
on
some
of
that
documentation
in
a
new
community
fund
repo
in
the
open.js
work.
So
that's
something
to
look
out
for
if
you're
interested.
A
And
from
the
board,
I
don't
think
there's
there's
nothing,
no
updates
on
that
front.
So,
let's
move
on
to
the
issues
tag
for
the
agenda.
The
first
one
is
doc,
make
contributing
info
more
discoverable.
That's
one
that
I
tagged
to
the
agenda.
A
I
really
just
want
to
get
some
feedback
before
I
spend
too
much
time
fixing
links
and
all
that
kind
of
stuff.
I've
seen
a
a
couple.
People
comment,
but
the
the
main
change
is
that
we
currently
have
a
like
a
doc
guides
if
you've
looked
at
the
tree
and
that
you
know,
through
several
different
discussions,
hasn't
seemed
to
be
intuitive
for
a
person
for
people
to
look
for
things
like
our
style
guide
and
other
contributing
related
stuff.
So
I'm
proposing
we
actually
change
that
path
so
that
it
doesn't
say
doc
guides.
A
Instead,
it
says
basically
doc
contributing
and
basically
just
move
all
the
files
over
there
and
you
know
the
reason
I'm
asking
is:
it's
gonna
require
changing
a
whole
bunch
of
links
in
a
bunch
of
files,
so
it'd
be
good
to
know.
If
there's
any
objections
before
I
go
ahead
and
do
the
rest
of
that.
A
I
think
our
link
checker
really
helps
us
there,
because,
when
I
submitted
the
pr
like
the
local
build,
didn't
tell
me
that
a
bunch
of
the
links
were
broken
because
I
think
it
just
looks
at
the
files
I
changed.
But
but
when
we
ran
the
the
like
the
ci
or
the
the
actions
on
the
pr,
I
complained
about
a
whole
bunch
of
things.
So
I'm
right.
G
Yeah,
the
lens
the
the
markdown
linter
won't
won't
what
you
can
get
to
link
to
everything
is
you
can
remove
tool
tools,
slash
dot,
md
lint
stamp
or
something
like
that,
and
then
it
will
link
everything
but
it'll
take
a
lot
longer.
So,
okay.
A
G
We'll
fix
them
as
we
find
them,
they'll
be
okay,
yeah
and
gary
says,
plus
one
plus
one
just
for
the
record
and
the
stream.
A
We'll
move
on
to
the
next
one
then,
which
is
four
one.
One
three
managed
feature
requests,
that's
another
one
that
I
tagged
for
the
agenda
a
while
back
the
I
guess.
The
new
thing
is
I
I
did
open
a
pr
which,
basically,
I
I
think,
covered
some
of
the
stuff
we
discussed
the.
There
is
a
little
bit
of
discussion
going
on
there.
That
is
like
its
effect,
what's
covered
in
that
pr
is
just
that
we
will
use
something
like
stale
bot
to
automatically
close
feature
requests.
A
After
a
certain
amount
of
time,
people
can
tag
the
issue
so
that
they
never
get
close.
So
if
collaborators
look
at
features,
feature
requests
and
say,
hey,
no,
that's
an
important
one.
I
don't
want
it
to
close.
There
is
a
way
to
do
that,
but
otherwise
you
know
after
I
think
it's
six
months
of
no.
You
know
no
comments,
no
discussion.
After
six
months.
A
They
would
be
closed
and
you
know
I
guess
the
if
we
want
to
do
something
more
active,
because
there's
been
like
a
few
suggestions
that
like
hey,
we
should
do
something
with
those.
A
I
think
we
as
a
tsu
would
need
to
figure
out
well
what
is
that
and
who's
going
to
do
it,
because
I'm
I'm
almost
just
trying
to
document
what
we
do
now,
but
not
have
things
stay
open
forever
right,
so
I
don't
know
if
people
have
thoughts
in
terms
of
like
beyond
closing
things
that
beyond
having
the
option
not
to
have
them
ever
close
and
having
the
people,
those
that
are
not
tagged
that
way
being
closed.
What
else
should
we
be
trying
to
do
or
trying
to
encourage
people
to
do.
E
E
E
A
I
think
it's
worth
not
having
them
open,
like
it's
good
for
people
to
open
them,
so
that
we
know
what
they're
asking
for
and
if
there
are
collaborators
you
know
that
that
are
looking
for
something
they
have
something,
but
I
don't
know
that
leaving
them
open
like
right
now,
we've
got
249,
which
is
like
20
percent
of
all
our
issues,
or
these
feature
requests
and
having
them
open.
I
don't
if
anything
like
if
it's
giving
people
a
false
sense
that
something's
gonna
happen,
that's
almost
a
detriment
right,
they're
still
there.
A
If
we
close
them
they're
just
you
know
we're
basically
just
saying
we
don't
think
there
anything
is
going
to
happen
and
under
what
I
proposed
there,
anybody
could
tag
it
with
like
any
any
collaborator
could
tag
it.
I
think,
with
not
stale,
never
stale,
in
which
case
it
would
stay
up.
So
you
know
I
know
there
are
some
that
we'll
look
at
and
say
oh
yeah,
well
that
one
we
have
to
do
or
whatever
and
those
we
could
easily
keep
alive.
E
Yeah,
so
my
gut
feeling,
probably
I
may
be
wrong,
but
this
is
what
I'm
sensing,
the
collaborators
who
are
capable
of
implementing
these
features.
They
probably
don't
have
enough
bandwidth,
but
they
know
what
is
the
path
forward.
They
know
the
design,
they
know
the
implementation,
specifics,
etc,
but
because
they
don't
have
the
bandwidth
they're,
not
initiating
it,
people
like
newcomers,
new
contributors,
etc.
They
have
the
willingness,
they
have
the
bandwidth,
but
they
don't
have
the
know-how
to
convert
an
rfe
into
a
full-blown
pr.
A
A
Yeah,
I
wouldn't
want
to
say:
well:
let's
just
leave
them
open
until
we
figure
that
out,
because
I
don't
know
if
we
ever
will
figure
that
out
or
have
somebody
to
volunteer
to
really
champion
it.
And
if
we
do,
we
can
easily
tweak
what
we
do
right
like
it'd,
be
if
we
think
we're
gonna
like
actively
review
them
say
you
know,
we
could
propose,
let's
actively
review
them
in
the
tse
meetings
or
something
like
that.
We
could
easily
adjust
the
what
we've
documented
as
the
current
process,
to
include
that
to
tweak
it.
A
I
don't
know
if
anybody
else
has
any
other
thoughts
they
want
to
share.
On
that.
I
mean
please
jump
back
into
the
issue
in
the
pr,
but
just
wanted
to
make
sure
we're
talking
about
like
how
do
we
handle
these,
because
I
think
just
leaving
them,
leaving
them
open
and
having
that
grow
over
time
is,
is
probably
not
the
best.
The
best
approach
in
my
mind-
and
you
know,
even
if
we
can
document
what
we
do
today-
that's
at
least
a
starting
point
and
take
some
action.
A
Okay,
that's
I
don't
want
to
take
up
all
the
time.
So
let's
go
back
to
the
take
that
back
to
github
and
I
will
go
back
to
the
agenda.
A
I
need
to
open
that
if
somebody
the
person's
here
who
added
that
to
the
agenda,
wants
to
speak
up.
Otherwise
I'm
looking
for
that.
So
I
guess
mateo.
You
added
that
to
the
agenda,
which
one
sorry
I
am.
This
is
number
four
zero.
Seven
one,
eight
clarification
around
real
world
risk
since
uk
use
cases
of
vm
module.
D
Yes,
okay,
this
is
a
fun
one.
I
put
it
in
there
a
long
time
ago,
so
fun.
So
what
is
the
problem
and
the
what
what
we
are
trying
to
solve?
So
we
keep
receiving
reports
on
ocker,
one
related
to
people
that
use
vm
the
vm
module
to
build
sandboxes
and
to
make
it
to
which
to
make
it
possible
to
execute
untrusted
code
in
a
node.js
runtime.
D
We
do
not.
We
are
not
aware
of
I'm
not
aware
of
an
implementation
of
that
that
can
actually
guarantee
this
okay.
They
say
they
are
doing
it,
but
they
repeatedly
need
to
patch
holes
as
soon
as
they
are
discovered.
So
the
result
is
that
is
not
considered.
It's
not
it's
very
hard
to
consider
it's
safe
to
actually
do
use
it.
Okay,
it's
it's
really
brittle
at
this
point.
Okay,
to
the
point
that
we
say
that
is
not
it's
not
something
that
we
can
use
for.
For
that.
D
However,
one
of
those
security
researchers
argued
that
we
need
to
make
the
test
more
clear.
I
recommended
them
to
put
that
issue
on
the
tracker,
which
resulted
in
a
little
bit
of
a
back
and
forth
between
multiple
individuals
that
we're
all,
but
we
should
be
there.
It
should
not
be
there
it's
already
there
there's
values,
discussion
about
it.
D
G
I'll
say
that
the
text
needs
to
be
stronger
just
because
you
know
you
know
with
the
context
you
laid
out.
People
keep
doing
this.
We
need
to
make
it
more
prominent.
It's
it's
a
super
important
thing
about
the
vm
module
to
know
that
you
know
it's.
It's
probably
difficult,
definitely
difficult
and
probably
impossible
or
nearly
impossible
to
use
it
to
write
a
secure
sandbox
and
that
information
needs
to
be.
D
F
F
Node,
compatible
version
of
workforce
is
kind
of
a
local
development
environment
they're
using
vms
right
now
to
kind
of
simulate.
This
environment
would
actually
like
to
have
like
true
ice.
True
isolation
like
be
able
to
actually
run
something
in
its
own.
Isolate
within
here
anna
did
some
work
in
a
standalone
module
and
that
actually
does
something
of
what
we
want
but
being
able
to
spin
up.
You
know
to
instantiate
a
new,
isolate
and
allow
it
to
run.
You
know
it
would
block
the
currents.
F
The
current
will
take
over
the
thread
while
it's
running
so
it
would
be
synchronous,
but
while
it's
running
have
its
own
heap
space,
its
own,
isolate,
something
that
that
is
running
on
on
on
the
current
thread
and
just
not
inject
any
of
the
node
api
into
that
automatically
actually
gives
us
quite
a
bit
of
a
of
a
nice
sandbox
and
would
cover
what
we
need.
I've
actually
been
sketching
out
designs
for
this
to
actually
just
add
something
to
node.
It's
not
something.
F
That's
that
I'm
going
to
be
able
to
do
soon,
I'm
hoping
to
get
to
it
this
year,
but
I,
I
think,
the
better
approach.
Yes,
we
document,
but
I
still
think
people
are
going
to
ignore
the
documentation.
I
think
we
actually
need
to
have
an
api
in
core
that
does
this.
F
C
Okay,
so,
first
of
all,
basically
plus
one
to
everything
that
mateo
said,
the
state
of
the
ecosystem
is
not
very
good
about
this
and
the
numerous
models
that
are
trying
to
use
them
as
isolation
and
the
constructive,
broken
and
accuracy
model.
E
C
C
I
have
personally
seen
multiple
issues
with
the
m2
that
perhaps
got
fixed
now,
but
I'm
not
sure
what
is
the
current
state,
of
which
I
did
not
take
a
look
for
some
time.
I
would
propose
that
you
say
that
any
combination
of
vm
module
and
some
javascript
code
that
tries
to
use
the
vm
module
as
an
installation
is
unsafe
to
use
in
easily
as
an
installation
mechanism.
C
I
wanted
framed
like
that,
because
I'm
not
sure
if
we
can
say
this
about
modules
that
try
to
use
native
code
and
vm
module
yeah.
That
could
be
much
more
robust
than
just
anything
that
those
models
try
to
achieve
with
just
the
module
and
some
javascript.
On
top
of
that.
C
C
But
any
combination
of
just
vehement
javascript,
on
top
of
that
that
I
have
seen,
did
not
do
good
and
did
not
work
properly
at
the
time
that
I
have
seen
them.
A
G
Yeah,
I
think,
there's
consensus
there.
I
think.
Maybe
I
don't
know
I
don't
know
if
mateo
wanted
more
than
more
than
that
to
be.
D
D
So
if
we
want
to
close
it
with
some
additional
text
on
it
to
make
it
more
definitive,
then
if
somebody
that
is
more
adapt
to
security
than
me
can
take
can
take
the
lead,
I
would
very
happy
have
somebody
it's
probably
better
if
somebody
else
that
can
that
gets
involved
into
this
into
that
so
anyway
write
something
up.
I
don't
it
does
not.
D
At
the
very
top,
I
don't
know
how
you
know,
it's
something
you
read
and
says.
Look
this
is
not
a
security.
D
A
A
I
would
I
will
carry
on
with
her
agenda
because
we
do
have
a
limited
time
and
yeah.
Somebody
could
add
that
I
renamed
the
default
branch
for
master
domain.
I
don't
think
I
know
of
any
progress
on
that
this
week,
still
down
to
like
a
few
of
the
more
difficult
sort
of
repos
that
we
need
to
make
that
change
in
like
build
and
so
forth.
But
I
don't
know
that
we've
made
any
progress
this
week.
Somebody
else
has
any.
A
So
just
leave
it
on
the
list
as
a
reminder
that
we
just
need
to
close
it
out.
The
next
one
is
number
one
one
for
nominating
darshan
sen
to
be
a
tc
member.
I
guess
rich
if
we
closed
out
on
the
vote,
for
that.
When
does
that
close
at?
In
terms
of
that?
Oh.
G
Yeah
yeah
go
ahead
and
close
that
we
we
got
everything
we
needed.
Sorry.
A
G
A
We
do
have
to
get
them
to
add
their
yeah
well
I'll
I'll
leave
now
yeah
sure.
Okay,
it
is
closed.
Perfect,
okay,
move
on
to
the
next
one,
which
is
invite
tc
members
in
the
google
calendar
event
for
meetings.
That
is.
A
A
Okay,
so
the
next
one
is
vote
of
primordials
number
1104,
I
think
jarish
you
were
you
were
you
were
antoine,
was
pushing
that
forward.
E
I
was
driving
in
the
beginning,
but
little
stretched
on
the
personal
front
at
this
point
of
time
this
week
and
the
next.
So
I
would
request
antoine
if
he
can
drive
it
for
the
first
vote.
B
G
G
F
A
So
the
one
thing
I
will
mention
on
that,
I
guess
I
didn't
tag
it
before
the
issue
was
generated
for
this
week,
but
there
is,
we
are
planning
a
mini
summit,
that's
part
of
the
next
10
work
and
under
that
we're
covering
modern
http,
so
we're
hoping
to
get
people.
You
know
obviously
as
many
tsc
members
as
we
can,
but
also
people
from
from
the
indici
team
you
james
from
the
the
quick
team
to
just
talk
about
what
should
the
project
be
doing?
Are
we
already
doing
it
like?
A
The
answer
could
be
we're
already
on
top
of
things?
No
problem,
or
here
are
the
things,
the
key
things
that
we
at
least
want
to
know.
We
should
do
that
seem
to
work
pretty
well
for
our
types
and
single
single
binaries,
so
we'll
be
sort
of
promoting
that
trying
to
get
as
many
people
as
many.
A
People
who
are
interested
and
have
the
context
involved
in
that,
so
just
a
heads
up
yeah,
then
the
other
one
like
a
v8
currency.
Anything
michael
on
that
front.