Mikeal Rogers, a developer on the io.js team and an active member of the Node community, has posted a proposal on GitHub for reconciliation of the io.js fork with Node.js.

Rogers posted an open GitHub proposal entitled “Reconciliation Proposal #978,” laying out preliminary plans for the merger, the technical governance structure, proposed working groups, and a long-term support road map associated with merging the two evented JavaScript I/O forks. Under the proposal, io.js would retain much of its autonomy, but with all its working groups moving under the Node banner.

“While io.js is often used as a starting point, this document treats a future project under the foundation as a new organism made from the merger of each project and not as an extension of only Node.js or only io.js,” wrote Rogers. “The goal of the merger should be a project that is actually greater than the sum these parts.”

The proposal is currently under debate.

Top mobile application security issues
FireEye has released a report analyzing top mobile application vulnerabilities. The “Out of Pocket: A Comprehensive Mobile Threat Assessment of 7 Million iOS and Android Apps” report revealed that Android malware is growing and iOS devices are increasingly at risk.

“Today, mobile apps represent a significant threat vector for enterprises,” said Manish Gupta, senior vice president of products at FireEye. “Worse, most enterprises have little or no information on mobile security risks nor any way to deal with an advanced attack on a mobile device.”

Findings indicate mobile devices face risks from:

  • Malicious apps
  • Legitimate apps that are poorly written
  • Legitimate apps that use insecure or aggressive ad libraries
  • Malware/aggressive adware
  • Identify theft
  • SMS fraud

The full report can be found here.

Google open-sources gRPC
Google is releasing a new framework for managing remote procedure calls into open source. The gRPC framework is based on the HTTP/2 standard, and it is designed to simplify the creation of scalable APIs and micro services in programming languages and platforms, according to the company.

“gRPC is based on many years of experience in building distributed systems,” wrote Mugur Marculescu, product manager at Google, on the company’s blog. “With the new framework, we want to bring to the developer community a modern, bandwidth- and CPU-efficient, low-latency way to create massively distributed systems that span data centers, as well as power mobile apps, real-time communications, IoT devices, and APIs.”

The project features support for C, C++, Go, Java, Node.js, Python and Ruby.

Android Pay API reportedly set to launch at Google I/O
Google is set to unveil an Android Pay service and API at its Google I/O developer conference in May.

Sources told Ars Technica the payment API will power in-store and in-app mobile transactions for third-party Android applications, enabling single-tap transactions. According to Ars, Android Pay will be based atop Android Host Card Emulation, which makes it easier for third-party apps to take advantage of Android phones’ Near Field Communications chips.