diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..8b2d67f --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,64 @@ +# Contributing + +## Setup + +```shell +git clone https://github.com/webdeveric/utils.git +cd utils +corepack enable +pnpm install --frozen-lockfile +``` + +### Node.js version + +This project uses the Node version in [.node-version](.node-version). + +Run `fnm use` or `nvm use` to ensure you're using the correct Node.js version. + +## Testing + +Run tests in watch mode + +```shell +pnpm test +``` + +Run tests and generate a coverage report. + +```shell +pnpm coverage +``` + +## Linting, type checking, and spell checking + +These all run in CI and must pass before a PR can be merged. + +```shell +pnpm lint +pnpm typecheck +pnpm spellcheck +``` + +Run `pnpm format` to apply Prettier formatting. A `pre-commit` hook auto-fixes lint/format/spelling issues on staged files, so most of this happens for you on commit. + +## Building + +```shell +pnpm build +``` + +## Commit messages + +Commit messages should follow [conventional commits](https://www.conventionalcommits.org/). + +Releases are created automatically and the version bump is determined from the commit messages. + +## Pull requests + +If you want to add a large feature or breaking change, please open an issue first so it can be discussed. + +:warning: Low effort AI generated PRs will be closed without any explanation. + +## Security + +To report a security vulnerability, see [SECURITY.md](SECURITY.md) instead of opening a public issue. diff --git a/SECURITY.md b/SECURITY.md index 80b1259..32268e4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,11 +1,14 @@ # Security Policy -## Supported Versions +## Supported versions -### `v0.x.x` +Only the last two major versions are supported. -Until `v1+`, only the latest version is supported. +| Version | Supported | +| ------- | ------------------ | +| 1.x.x | :white_check_mark: | +| 0.x.x | :x: | -### `v1.x.x+` +## Reporting a vulnerability -Only the last two major versions are supported. +Click the "**Report a vulnerability**" button on [https://github.com/webdeveric/utils/security](https://github.com/webdeveric/utils/security).