Become a sponsor to Ulises Gascón
If your company runs JavaScript in production, some of this work is running in your infrastructure right now. Together with an amazing group of co-maintainers, we keep hundreds of npm packages running across the ecosystem, coordinate security for projects under the OpenJS Foundation, ship Node.js releases, and help govern Express, Lodash, and Yeoman.
Most of this work is volunteer. There is no company behind it. There are no employees.
✨ What your sponsorship sustains
Keeping your dependencies secure. When a vulnerability hits a package with 100M+ weekly downloads, someone needs to assess it, coordinate the fix, and ship a patch. I triage vulnerability reports, write patches, coordinate CVE disclosures, and author threat models and incident response plans for packages you probably depend on (Read more).
Shipping the releases you depend on. Hundreds of packages. All of them need someone to keep the lights on. I'm one of a small group authorized to sign and ship Node.js releases. I also ship dozens of releases every year across the Express, Lodash, and Yeoman ecosystems (Read more).
Turning fragile into sustainable. Code is the easy part. The hard part is everything around it. I helped ship Express 5.0 after a decade of waiting and rebuilt Lodash's governance from scratch. I reform governance structures, mentor new maintainers, and build the foundations that turn one-person projects into sustainable ecosystems (Read more).
What sponsors actually get
On December 3rd at 8:30 PM, a critical React Server Components vulnerability dropped with a CVSS score of 10.0. Within minutes, Orbitant had someone in their Slack who understood the impact, helped assess exposure, and coordinated the response. By the next morning, they had full visibility and patches rolling out while most companies were still finding out about it.
"Information flows faster than coffee in our Slack when a critical CVE appears. And that's exactly what we're looking for." - Orbitant
When Express 5.0 shipped after a decade, sponsors understood the migration path from someone who helped build it. When Node.js changed its release schedule, sponsors understood the implications before the announcement went public.
🏷️ Sponsorship Tiers
Whether you're an individual developer, a startup, or a large organization, there's a tier for you:
- Supply Chain Supporter - Early access to my informal newsletter
- 🥉 Bronze Sponsor - Logo on my GitHub and website + shout-out on social media
- 🥈 Silver Sponsor - All Bronze perks + quarterly strategy call
- 🥇 Gold Sponsor - All Silver perks + I join your team's Slack for real-time ecosystem intelligence
- Platinum Sponsor - Custom agreements for larger orgs (compliance, ecosystem alignment, long-term support, NDAs, invoicing)
I reserve the right to decline sponsorships that conflict with my values or the integrity of the open source ecosystem.
Featured work
- nodejs/node (JavaScript, 116,817): Node.js JavaScript runtime ✨🐢🚀✨
- expressjs/express (JavaScript, 68,947): Fast, unopinionated, minimalist web framework for node.
- nodejs/build (Jinja, 532): Better build and test infra for Node.
- nodejs/security-wg (Go, 536): Node.js Ecosystem Security Working Group
- UlisesGascon/sample-terraform-localstack (JavaScript, 60): Sample project to use Terraform, Localstack (AWS Local) and Docker compose with Nodejs
- ossf/scorecard-monitor (JavaScript, 49): Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
$5 a month
Supply Chain Supporter Tier
For individuals who want to say thanks and help keep things running.
✨ You get:
- Sponsor badge on your GitHub profile
- Your avatar and username shown in my GitHub sponsor section
- Early access to my informal behind-the-scenes newsletter
- That warm feeling of keeping JavaScript alive
- Access to private sponsor-only repos (coming soon)
$100 a month
🥉 Bronze Tier
For small teams, startups, or companies relying on my work.
✨ You get:
- All Supply Chain Supporter perks
- Your logo featured on my GitHub profile and personal website
- A thank-you mention in a public post (social or blog)
$500 a month
🥈 Silver Tier
For companies that want to back OSS stability and gain visibility.
✨ You get:
- All Bronze Sponsor perks
- A quarterly strategy call (roadmap updates, ecosystem insights)
- Mentions in talks or blog posts (when relevant)
$1,000 a month
🥇 Gold Tier
For organizations that rely deeply on my work and want strategic alignment.
✨ You get:
- All Silver Sponsor perks
- Option to include me in a team chat for async ecosystem insight and informal collaboration (no SLA).
- A private line for your team to share input or surface relevant ecosystem challenges (informal, non-binding, and useful context for my roadmap)