From d5dec44797a0c7575fee808285cd6fca0d605050 Mon Sep 17 00:00:00 2001 From: Eric King Date: Sun, 12 Jul 2026 11:15:58 -0500 Subject: [PATCH 1/2] docs: added `CONTRIBUTING.md` --- CONTRIBUTING.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..8b2d67f --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,64 @@ +# Contributing + +## Setup + +```shell +git clone https://github.com/webdeveric/utils.git +cd utils +corepack enable +pnpm install --frozen-lockfile +``` + +### Node.js version + +This project uses the Node version in [.node-version](.node-version). + +Run `fnm use` or `nvm use` to ensure you're using the correct Node.js version. + +## Testing + +Run tests in watch mode + +```shell +pnpm test +``` + +Run tests and generate a coverage report. + +```shell +pnpm coverage +``` + +## Linting, type checking, and spell checking + +These all run in CI and must pass before a PR can be merged. + +```shell +pnpm lint +pnpm typecheck +pnpm spellcheck +``` + +Run `pnpm format` to apply Prettier formatting. A `pre-commit` hook auto-fixes lint/format/spelling issues on staged files, so most of this happens for you on commit. + +## Building + +```shell +pnpm build +``` + +## Commit messages + +Commit messages should follow [conventional commits](https://www.conventionalcommits.org/). + +Releases are created automatically and the version bump is determined from the commit messages. + +## Pull requests + +If you want to add a large feature or breaking change, please open an issue first so it can be discussed. + +:warning: Low effort AI generated PRs will be closed without any explanation. + +## Security + +To report a security vulnerability, see [SECURITY.md](SECURITY.md) instead of opening a public issue. From b10d894d564d49246e43dc6506091d20003731c8 Mon Sep 17 00:00:00 2001 From: Eric King Date: Sun, 12 Jul 2026 11:17:45 -0500 Subject: [PATCH 2/2] docs!: updated security policy BREAKING CHANGE: versions less than `1.0.0` are not supported --- SECURITY.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 80b1259..32268e4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,11 +1,14 @@ # Security Policy -## Supported Versions +## Supported versions -### `v0.x.x` +Only the last two major versions are supported. -Until `v1+`, only the latest version is supported. +| Version | Supported | +| ------- | ------------------ | +| 1.x.x | :white_check_mark: | +| 0.x.x | :x: | -### `v1.x.x+` +## Reporting a vulnerability -Only the last two major versions are supported. +Click the "**Report a vulnerability**" button on [https://github.com/webdeveric/utils/security](https://github.com/webdeveric/utils/security).