👋 Hello. I’m part of your software supply chain and that’s fine.

I’m Ulises Gascon from Spain, a Node.js core collaborator, Express.js Technical Committee member, Yeoman Maintainer, TC39 Delegate, and security lead maintaining 200+ OSS packages including widely-used libraries like mime-types, send, express, body-parser, and more.

I started with DIY robotics and the Maker movement, now I maintain the critical infrastructure behind the JavaScript ecosystem.

I co-author official Node.js security best practices, maintain threat models for several projects, and ship key releases like Node.js 20.x and the long-awaited Express 5.0.0. I'm also part of the OpenJS Foundation CNA, helping coordinate CVE disclosures across popular JavaScript projects.

I also reboot legacy tools (like Yeoman), build CI/CD and monitoring infra for maintainers (like Jenkins Alerts and OSSF Scorecard Monitor), and wrote Node.js for Beginners to help more developers get started.

If your codebase runs JavaScript in production… I’ve probably touched part of it. 😊

✨ Your financial support directly funds my ongoing work in several ways:

• Patch vulnerabilities before they become incidents
• Develop and release stable versions of Node.js, Express, and other critical libraries
• Build tools and infrastructure for OSS maintainers
• Keep the JavaScript ecosystem secure and sustainable

🏷️ Sponsorship Tiers

Whether you're an individual developer, a startup, or a large organization — there’s a tier for you:

• ☕ Supply Chain Supporter — Early access to my informal newsletter
• 🥉 Bronze Sponsor — Logo on my GitHub and website + shout-out on social media
• 🥈 Silver Sponsor — All Bronze perks + quarterly strategy call
• 🥇 Gold Sponsor — All Silver perks + private communication channel for async input
• 💎 Platinum Sponsor — Custom agreements for larger orgs with unique needs (e.g. compliance, ecosystem alignment, long-term support, NDAs, invoicing)

⚖️ Due to ethical and sustainability concerns, I reserve the right to decline sponsorships from individuals, companies or brands that conflict with my values or the integrity of the open source ecosystem.