I'm a full-stack software engineer with 10+ years experience and a huge passion for Open Source...Full Bio

My current open source activity is highly focused on the JS ecosystem. I have dedicated my time to maintaining and contributing toover 200 open source packages, including some of the top 100 packages on the Npm registry.

Being part of the open source community has been both rewarding and challenging. I take great pride in helping to improve the ecosystem and support the developers who rely on these packages for their projects. I am constantly keeping track of new developments and bug fixes, responding to issues, and developing new features. It is also important to me to ensure accuracy, scalability, and security of the packages that I am involved with. More details inmy website.

• Member ofthe OpenJS AI Collab Space since 2025
• Member ofthe Webpack Security WG since 2025
• Member ofthe OpenJS Foundation CNA (CVE Numbering Authority) team since 2025
• TC39 Delegate (OpenJS Foundation) since 2024
• Participant ofthe TC39 TG3 (Security WG) since 2024
• Node.js Core Collaborator since 2024
• Member ofthe OpenJS Security Collaboration Space since 2024
• Regular Member ofthe OpenJS Cross Project Council since 2024
• Member ofthe Express.js Technical Committee since 2024
• Maintainer ofthe OSSF Scorercad Monitor andthe OSSF Scorecard Visualizer since 2023
• Node.js Releaser since 2023
• Member ofthe Node.js Performance Team since 2022
• Member ofthe Node.js Build Team since 2022
• Participant ofthe TC39 JS outreach groups since 2022
• Member ofthe Node.js Security WG since 2022
• OWASP (The Open Web Application Security Project) Member since 2022
• Member ofthe Express.js Triage Team since 2020
• Member ofthe Yeoman Core Team since 2019

• Expressjs
• Yeoman
• OWASP
• Nodejs
• One Beyond (prev:Guidesmiths) and many more...

• JavaScriptLandia Awards Leading by Example in 2024
• Snyk Ambassador since 2023
• Docker Captain since 2023
• Google Developer Expert (GDE) for Firebase since 2019
• Most Valuable Professional (MVP) for Developer Technologies from 2023 to 2025
• Auth0 Ambassador from 2020 to 2024

• Dominando o Node.js. Novatec Editora (2025)
• El Gran Libro de Node.js. Marcombo (2024)
• Node.js for beginners. Packt (2024)
• Docker Seguro. Leanpub (2022)
• Cybersecurity handbook. Guidesmiths (2020)
• JavaScript, ¡Inspírate!. Leanpub (2017)

• Node Congress 2025 | What is a Vulnerability and What’s Not? Making Sense of Node.js and Express Threat Models
• DevSecCon: Strengthening the Software Supply Chain and Open Source Projects
• Event in Spanish: Open Source Viernes con @ulisesgascon
• Web Reactiva 292: Mantener node.js sin poder fallarle a millones de programadores con Ulises Gascón
• ¿Qué TECH Cuentas? (Podcast) - Ep. 4 - Cómo es contribuir y mantener proyectos como NODE.JS, con Ulises Gascón
• WeCode2020: Tor Metrics con Firebase (Live Coding)
• JSDayCAN2019: ¿Tu Servidor en NodeJS es vulnerable?
• T3chFest2018: Scraping épico para gente sin APIs
• HackMadrid%27: Node4HackersTalk andworkshop
• Programar es una mierda #61: Se aceptan pull requests

Watch more inmy personal website

• Using Feature Flags and Canary Releases with Electron
• Node.js Binaries Integrity Checker
• How to do an Azure Blob media content optimization?
• How to use Azure IOT Device Update with custom debian/ubuntu packages?
• How to Synchronize Markdown files with Confluence?
• Use Github Actions to monitor Jenkins agents
• Ontology in the Digital Twins Definition Language universe
• Unlock the Power of IoT with Azure Digital Twin Modeling
• A Comprehensive Proof of Concept Walkthrough about Azure IOT Hub using Node.js
• How to use JSON Schemas and Semantic Versioning for everything?
• How to visualize the Node.js Machines inventory in a Dashboard?
• How to do load tests for an API using K6 and Grafana?
• How to use Terraform and Localstack?

Find more inmy repositories

• Decoding CVEs: A practical guide to assessing and mitigating security risks
• How Yeoman is Enhancing Security Through Policy Updates
• A New Chapter for Express.js: Triumphs of 2024 and an ambitious 2025
• How Express.js Rebuilt Its Vulnerability Reporting Process
• How does the Official Node.js News Feeder work?
• Dockerize Javascript IOT Applications
• Safely store secrets in Git using Blackbox
• You should use the OpenSSF Scorecard
• Node.js Security Best Practices
• What is a backdoor? Let’s build one with Node.js

Read more inmy blog

It is always a pleasure to hear from fellow developers and tech companies. If you have any potential projects or are looking for help maintaining a foss project, please reach out and contact me 🙂

The best way to contact me these days is throughemail. Alternatively, I'm also an active member ofthe OpenJs Foundation Slack group.

PinnedLoading

1. nodejs/nodenodejs/nodePublic

   Node.js JavaScript runtime ✨🐢🚀✨

   JavaScript 114k 33.4k

2. expressjs/expressexpressjs/expressPublic

   Fast, unopinionated, minimalist web framework for node.

   JavaScript 67.9k 21.1k

3. ossf/scorecardossf/scorecardPublic

   OpenSSF Scorecard - Security health metrics for Open Source

   Go 5.1k 574

4. nodejs/security-wgnodejs/security-wgPublic

   Node.js Ecosystem Security Working Group

   JavaScript 527 129

5. OWASP/NodeGoatOWASP/NodeGoatPublic

   The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

   HTML 2k 2k

6. yeoman/yeomanyeoman/yeomanPublic

   Yeoman - a set of tools for automating development workflow

   10.1k 732