Skip to main content

One Beyond Open Source Maintainers Meeting 2023-03-23

  • recording: Link
  • Github issue: #57
  • Minutes Google Doc: Link


Use github alias

  • Admins team: @onebeyond/admins
  • Maintainers team: @onebeyond/maintainers
  • Ulises Gascon: @ulisesgascon
  • Íñigo Marquínez Prado: @inigomarquinez
  • Carlos Serrano: @carpase
  • Carlos Jiménez: @Betisman
  • Matteo Di Paolantonio: @MatteoDiPaolo


  • Scorecard Updated to new version (bump to beta3 - issue mentions, tags and fix link)
  • Best project in OpenSSF Best Practices: Systemic-Knex. See

Review Scorecard results


Repo template as baseline

  • See #1
  • Almost everything is included using community health files, and we don’t have anything more to add right now to the template. So we’ll close the issue and we’ll open new ones if we want to include more things to the template.

Metafiles Definiton

  • See#15
  • Already included CODE_OF_CONDUCT, Issue and pull request templates and SECURITY
  • Still missing CONTRIBUTING, Discussion category forms (we don’t want this one right now), and SUPPORT. We’ll add them taking into account examples of well-know organizations.

Prototype Pollution in JSON5 via Parse Method

  • See #21
  • Still in progress. We’ll remove it from the agenda and inform once it’s solved

Missing NPM Package publication permissions

Repos with NPM version mismatch

Checklist for existing and new repositories

  • See #42
  • The draft tool we’re using is here.
    • The code has been improved to use GitHub’s GraphQL.
    • The output has been improved to render in JSON and CSV (next will be markdown).
    • It has already been used to detect some improvements in different repos of the OneBeyond org, and they have been fixed (mainly main branch protection and license).
    • The idea is to generate a GitHub action that can be run periodically to analyze the generated repost (similar to the scorecard).

Verifying or approving a domain for our organization

  • See #51
  • Does this affect to our github pages? Check the documentation
  • Ask IT to do the domain verification

BUG: Restore nuget CI publicacion for Monaco

  • See #56
  • Temporal patch (using @inigomarquinez personal token) that we should remove once we have a microsoft account and nuget account with that email

FEATURE: Release drafter

  • See #58
  • We have different alternatives to auto-create new releases with changelog. @carpasse and @inigomarquinez will do some demos to decide

Scheduled reminders

  • See #59
  • We find it interesting so it should be something to investigate because it can be interesting to add it progressively

Two-factor authentication

  • See #60
  • 99% of the users use 2FA. We have decided to do it mandatory. It will remove from the organization those users without 2FA (only 1 right now).

Q&A, Other

  • N/A

Upcoming Meetings

  • As it’s Easter in two weeks time, next meeting will be in one month (20th April 2023)