This article discusses best practices and tools for DevSecOps in open source projects, focusing on JavaScript and Node.js. It covers topics such as adopting a responsible security disclosure policy, establishing security processes and guidelines, ensuring that all maintainers and collaborators have two-factor authentication enabled, avoiding data breaches and exposure of sensitive information, integrating open source dependency scanning and fixing, and using the Snyk Advisor to search and compare over 1 million open source packages on the npm registry. The article also highlights the importance of preventing password leaks, using git hooks to detect secrets before they are committed, and integrating Snyk into the git workflow for fast and secure development.