Open Collective
Image

DaloyJS

@daloyjs

Hardened by default. Portable by design.

This is DaloyJS's pageDaloyJS
Image
About
Image

About

Support DaloyJS


DaloyJS is an open-source TypeScript framework built with security, maintainability, and developer experience as first-class priorities.

As DaloyJS continues to mature, we want to further strengthen trust in the framework through an independent third-party security assessment.

Current Goal

🎯 Raise USD 3,000 to fund an independent security audit performed by a recognized application security firm such as Cure53, Trail of Bits, or another reputable security company.
The goal of this initiative is to provide developers and organizations with additional confidence when evaluating DaloyJS for production environments.

Why an Independent Security Audit?

Open-source frameworks often become critical infrastructure for applications and businesses. While DaloyJS is continuously reviewed and tested, an independent security assessment provides additional assurance by identifying vulnerabilities, validating security assumptions, and recommending improvements.

A public audit also helps organizations make informed decisions when adopting DaloyJS in production.

Planned Audit Scope

  • Independent source code review
  • Security architecture assessment
  • Identification of potential vulnerabilities
  • Threat modeling and security recommendations
  • Review of authentication, authorization, and framework security features
  • Publication of a public security report whenever possible

Security Roadmap

✅ Security-focused framework architecture
✅ Continuous internal security reviews
✅ Automated testing and quality assurance
🔄 Community fundraising for an independent audit
⏳ Third-party security assessment
⏳ Public disclosure of audit results (when permitted)
⏳ Remediation of findings and ongoing hardening

How Funds Will Be Used

All contributions will be used exclusively for:
  • Independent security audits
  • Remediation work related to audit findings
  • Security hardening initiatives
  • Future security improvements and infrastructure costs

All income and expenses will remain publicly transparent through Open Collective.

Support the Future of DaloyJS

If you or your organization use DaloyJS, are evaluating it for production, or simply believe in secure open-source software, please consider sponsoring this initiative.

Every contribution helps strengthen the security and long-term sustainability of the DaloyJS ecosystem.

Thank you for supporting open source.