-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4734338
commit 7bceafa
Showing
24 changed files
with
4,747 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
root = true | ||
|
||
[*] | ||
end_of_line = lf | ||
indent_size = 2 | ||
indent_style = space | ||
trim_trailing_whitespace = true | ||
insert_final_newline = true | ||
charset = utf-8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
root: true | ||
extends: | ||
- eslint-config-mlauffer-nodejs | ||
- plugin:jsdoc/recommended-typescript-error | ||
- plugin:@typescript-eslint/recommended | ||
parser: '@typescript-eslint/parser' | ||
plugins: | ||
- '@typescript-eslint' | ||
rules: | ||
jsdoc/require-param: off | ||
jsdoc/require-returns: off |
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
@mauriciolauffer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
github: mauriciolauffer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
version: 2 | ||
updates: | ||
- package-ecosystem: "npm" | ||
directory: "/" | ||
schedule: | ||
interval: "monthly" | ||
allow: | ||
- dependency-type: "production" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# For most projects, this workflow file will not need changing; you simply need | ||
# to commit it to your repository. | ||
# | ||
# You may wish to alter this file to override the set of languages analyzed, | ||
# or to provide custom queries or build logic. | ||
# | ||
# ******** NOTE ******** | ||
# We have attempted to detect the languages in your repository. Please check | ||
# the `language` matrix defined below to confirm you have the correct set of | ||
# supported CodeQL languages. | ||
# | ||
name: "CodeQL" | ||
|
||
on: | ||
push: | ||
branches: [ master ] | ||
pull_request: | ||
|
||
permissions: read-all | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze | ||
runs-on: ubuntu-latest | ||
permissions: | ||
security-events: write | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: [ 'javascript' ] | ||
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | ||
# Learn more about CodeQL language support at https://git.io/codeql-language-support | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
with: | ||
persist-credentials: false | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
with: | ||
languages: ${{ matrix.language }} | ||
# If you wish to specify custom queries, you can do so here or in a config file. | ||
# By default, queries listed here will override any specified in a config file. | ||
# Prefix the list here with "+" to use these queries and those in the config file. | ||
# queries: ./path/to/local/query, your-org/your-repo/queries@main | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
name: Scorecards supply-chain security | ||
on: | ||
# Only the default branch is supported. | ||
branch_protection_rule: | ||
schedule: | ||
- cron: '10 5 * * 1' | ||
push: | ||
branches: [ master ] | ||
|
||
# Declare default permissions as read only. | ||
permissions: read-all | ||
|
||
jobs: | ||
analysis: | ||
name: Scorecards analysis | ||
runs-on: ubuntu-latest | ||
permissions: | ||
# Needed to upload the results to code-scanning dashboard. | ||
security-events: write | ||
id-token: write | ||
|
||
steps: | ||
- name: "Checkout code" | ||
uses: actions/checkout@v3 | ||
with: | ||
persist-credentials: false | ||
|
||
- name: "Run analysis" | ||
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 | ||
with: | ||
results_file: results.sarif | ||
results_format: sarif | ||
# Read-only PAT token. To create it, | ||
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation. | ||
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} | ||
# Publish the results to enable scorecard badges. For more details, see | ||
# https://github.com/ossf/scorecard-action#publishing-results. | ||
# For private repositories, `publish_results` will automatically be set to `false`, | ||
# regardless of the value entered here. | ||
publish_results: true | ||
|
||
# Upload the results to GitHub's code scanning dashboard. | ||
- name: "Upload to code-scanning" | ||
uses: github/codeql-action/upload-sarif@v2 | ||
with: | ||
sarif_file: results.sarif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
name: test | ||
|
||
on: | ||
push: | ||
branches: [ master ] | ||
pull_request: | ||
|
||
permissions: read-all | ||
|
||
jobs: | ||
test: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
persist-credentials: false | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: 20 | ||
cache: npm | ||
- run: npm install -g eslint --ignore-scripts | ||
- run: npm ci --ignore-scripts | ||
- run: npm run lint | ||
- run: npm test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# Code of Conduct | ||
|
||
This project is governed by the [Contributor Covenant version 2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/). All contributors and participants agree to abide by its terms. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# How to Contribute | ||
|
||
Patches and contributions are welcome to this project. There are just a few small guidelines you need to follow. | ||
|
||
Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE.md). | ||
|
||
When you contribute code, you affirm that the contribution is your original work and that you license the work to the project under the project's open source license. Whether or not you state this explicitly, by submitting any copyrighted material via pull request, email, or other means you agree to license the material under the project's open source license and warrant that you have the legal authority to do so. | ||
|
||
## Code of Conduct | ||
|
||
Please note that this project is released with a [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms. | ||
|
||
## Versioning | ||
|
||
This library follows [Semantic Versioning](http://semver.org). | ||
|
||
## Code Reviews | ||
|
||
All submissions, including submissions by project members, require review. The project uses GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. | ||
|
||
## Contributing | ||
|
||
1. Look through the existing issues and see if your idea is something new. | ||
2. Create a new issue, or comment on an existing issue that you would like to help solve: | ||
* it's usually best to get some feedback before proceeding to write code. | ||
3. fork the repo, and clone it to your computer: | ||
* GitHub has [great documentation](https://help.github.com/articles/using-pull-requests/) regarding writing your first pull request. | ||
4. make sure that you write unit-test for any code that you write for the project: | ||
* ESLint is the main SAST tool in this project. | ||
* look through the test suite in `/test` folder to get an idea for how to write unit-tests for this codebase. | ||
|
||
## Before you begin | ||
|
||
1. [Install Node.js LTS](https://nodejs.org/en/). | ||
|
||
### How to test | ||
|
||
1. Install dependencies: | ||
|
||
npm install | ||
|
||
2. Lint the codebase: | ||
|
||
npm run lint | ||
|
||
3. Run the tests: | ||
|
||
npm test | ||
|
||
### CI/CD | ||
|
||
The project uses GitHub Actions for its CI/CD pipeline. There is no need to build and publish from local machines as this will be taken care by CI/CD. However, one should build locally for testing purposes. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# Reporting Security Issues | ||
|
||
To report a security issue, contact me on [Twitter](https://twitter.com/mauriciolauffer) or [LinkedIn](https://linkedin.com/in/mauriciolauffer) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. | ||
|
||
If the issue is confirmed as a vulnerability, a Security Advisory will be open and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline. |
Oops, something went wrong.