layout	permalink	quick_assessment	name	website	logo1	logo2	logo1_usage	benefit	procurement_guidance	procurement_references	usg_instances	managed_by	managed_by_url	license_url	about_url	issue_tracker_url	src_code_url	stable_release	stable_release_url	commercial_support_url	us_cert_recent	security	videos
listing2	/nodejs/	name value GovReady Internal true name value GovReady External true name value In use? true name value Patching? true name value Enterprise version? true name value Support? true name value Recommended for FISMA L name value Easy procurement? true name value SCAP? false	NodeJS	http://www.nodejs.org/	/img/listings/nodejs/nodejs.png		http://nodejs.org/logos/ http://nodejs.org/trademark-policy.pdf	NodeJS significantly lowers the cost of large scale, real-time web apps with lots of interactions back and forth between the user and the server or between the users. NodeJS is also useful when user interactions trigger different types of events on the server that take varying amounts of time to complete.	<p>NodeJS is licensed to the general public therefore should be treated as commercial computer software (e.g., COTS) as per <a href="http://acquisition.gov/far/current/html/Subpart%202_1.html#wp1145508">FAR Supbart 2.101</a>.</p> <p>NodeJS is available as open source software and in this format can be acquired and used at no contract directly by agency staff and contractors according to the agency's policy on open source software. Staff and contractors at government agencies that do not have formal open source software policy are authorized to use open source according to the FAR.</p> <p>An enterprise version of NodeJS is offered by <a href="http://www.joyent.com/technology/nodejs">Joyent</a>. As of this writing, only Joyent offering an enterprise version of NodeJS and therefore is eligible for sole source acquisition.</p> <p>Various vendors host applications in NodeJS. Various vendors support NodeJS and NodeJS applications.</p>	name url description FAR Part 12—Acquisition of Commercial Items http://acquisition.gov/far/current/html/FARTOCP12.html This section describes purchase options name url summary Federal Acquisition Regulation; FAR Case 2000-305, Commercially Available Off-the-Shelf (COTS) Items https://www.federalregister.gov/articles/2009/01/15/E9-551/federal-acquisition-regulation-far-case-2000-305-commercially-available-off-the-shelf-cots-items The Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) have agreed on a final rule amending the Federal Acquisition Regulation (FAR) to implement Section 4203 of the Clinger-Cohen Act of 1996 (41 U.S.C. 431) (the Act) with respect to the inapplicability of certain laws to contracts and subcontracts for the acquisition of commercially available off-the-shelf (COTS) items. name url description Free-Libre / Open Source Software (FLOSS) is Commercial Software http://www.dwheeler.com/essays/commercial-floss.html Nearly all FLOSS projects are commercial. In this essay I’ll explain why it so important to understand that FLOSS software is almost always commercial, and then give examples of each of those four points (listed above) to justify the claim that FLOSS is commercial.	name organization description url img_src ec2mapper CFPB EC2mapper is a web application that provides a user-friendly interface to view Amazon AWS network configurations. https://github.com/cfpb/ec2mapper /img/listings/ec2mapper/ss2_cropped.png name organization description url img_src live_url design-manual CFPB A set of design principles and standards for the Consumer Financial Protection Bureau. https://github.com/cfpb/design-manual /img/listings/design-manual/dm_900x500.png http://cfpb.github.io/design-manual/ name organization description url img_src live_url qu CFPB Qu is a framework for building data APIs. https://github.com/cfpb/qu/ /img/listings/qu/qu_900x500.png http://cfpb.github.io/qu/	Joyent	http://www.joyent.com/technology/nodejs	https://raw.github.com/joyent/node/v0.10.26/LICENSE	http://www.nodejs.org/about/	https://github.com/joyent/node/issues	https://github.com/joyent/node	v0.10.26	http://www.nodejs.org/download/	http://www.joyent.com/products/support-nodejs	<a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4450">10/21/2013 - CVE-2013-4450</a> <span class="text-warning">Medium severity</span> The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.	https://nodesecurity.io/advisories https://nodesecurity.io/rss.xml https://twitter.com/nodesecurity http://blog.nodejs.org/ https://groups.google.com/forum/#!forum/nodejs-sec http://www.slideshare.net/evilpacket/node-day-enterprise-nodejs-security	<h4>NodeJS intro</h4><iframe width="260" height="157" src="//www.youtube.com/embed/GJmFG4ffJZU" frameborder="0" allowfullscreen></iframe> <h4>NodeJS Tech Internals</h4><iframe width="260" height="157" src="http://www.youtube.com/embed/L0pjVcIsU6A" frameborder="0" allowfullscreen></iframe>