From 355280e18cf51b42ec86c8e24f2370eaee374601 Mon Sep 17 00:00:00 2001 From: Jason Mulligan Date: Thu, 25 Jun 2026 21:07:29 -0400 Subject: [PATCH] docs: add issue templates, security policy, and update contributing guide --- .github/ISSUE_TEMPLATE/bug_report.md | 37 ++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 29 +++++++++++ .github/PULL_REQUEST_TEMPLATE.md | 5 ++ .github/SECURITY.md | 61 +++++++++++++++++++++++ CONTRIBUTING.md | 29 +++++++++++ 5 files changed, 161 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/SECURITY.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..0fbd92b --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,37 @@ +--- +name: Bug Report +about: Report a bug or unexpected behavior +title: "fix: " +labels: "bug" +assignees: "" +--- + +## Summary + + +## Reproduction + +1. +2. +3. + +## Expected Behavior + + +## Actual Behavior + + +## Environment +- **Node.js version**: +- **OS**: +- **filesize.js version**: + +## Code Sample + + +```javascript +// Your code here +``` + +## Additional Context + diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..3e1e11c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,29 @@ +--- +name: Feature Request +about: Suggest a new feature or enhancement +title: "feat: " +labels: "enhancement" +assignees: "" +--- + +## Summary + + +## Motivation + + +## Proposed Solution + + +## Example Usage + + +```javascript +// Your code here +``` + +## Alternatives Considered + + +## Additional Context + diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 90fd747..338a798 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -25,3 +25,8 @@ - [ ] No hardcoded secrets or credentials introduced - [ ] Zero external dependencies added - [ ] ES Modules only (no CommonJS in src/) +- [ ] JSDoc comments added/updated +- [ ] CHANGELOG.md updated (if applicable) + +## Screenshots (if applicable) + diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..c35a7e8 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,61 @@ +# Security Policy + +## Supported Versions + +Only the latest major version receives security updates. + +| Version | Supported | +| ------- | ------------------ | +| 6.x | :white_check_mark: | +| < 6.0 | :x: | + +## Reporting a Vulnerability + +We take security seriously. If you discover a security vulnerability, please report it responsibly. + +### How to Report + +1. **Do not** open a public issue +2. Email security findings to the maintainers +3. Include: + - Description of the vulnerability + - Steps to reproduce + - Potential impact + - Suggested fix (if any) + +### What to Expect + +- **Acknowledgment**: Within 48 hours +- **Assessment**: Within 1 week +- **Fix timeline**: Depends on severity + - Critical: Immediate patch + - High: Within 30 days + - Medium/Low: Next release cycle + +### Scope + +This policy covers: +- Code execution vulnerabilities +- Data corruption or loss +- Authentication/authorization bypass +- Prototype pollution +- Dependency vulnerabilities affecting the core + +### Safe Harbors + +We will not take legal action against security researchers who: +- Follow this responsible disclosure process +- Make reasonable efforts to privacy and data protection +- Keep vulnerabilities confidential until patched + +## Security Best Practices + +When using filesize.js: +- Always validate input data before passing to filesize() +- Keep dependencies updated +- Use the latest stable version +- Review changelog for security-related updates + +## Known Issues + +No known security issues at this time. 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a18b71b..e19cf2c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -11,6 +11,7 @@ Thank you for your interest in contributing to filesize.js! This document outlin - [Code Style](#code-style) - [Commit Messages](#commit-messages) - [Pull Request Process](#pull-request-process) +- [Code Review](#code-review) - [License](#license) ## Getting Started @@ -41,6 +42,8 @@ When creating a new issue, include: - Environment details (Node.js version, OS, browser) - Code samples if applicable +**Use the issue templates** provided in `.github/ISSUE_TEMPLATE/` for bug reports and feature requests. + ## Development Workflow ### Project Structure @@ -245,6 +248,32 @@ test: add coverage for NaN exponent edge case - [ ] Documentation updated (if applicable) - [ ] Build successful (`npm run build`) +## Code Review + +All pull requests require at least one review before merging. + +### Review Process + +1. **Automated checks**: CI must pass (tests, lint, build) +2. **Manual review**: At least one maintainer reviews the changes +3. **Feedback**: Address any review comments +4. **Approval**: Once approved, the PR can be merged + +### What Reviewers Look For + +- **Correctness**: Does the code work as intended? +- **Coverage**: Are all edge cases tested? +- **Performance**: Does the change impact performance? +- **Style**: Does the code follow project conventions? +- **Documentation**: Is the code documented? + +### Review Tips + +- Keep PRs small and focused +- Provide context in the PR description +- Respond to review comments promptly +- Be open to feedback and suggestions + ## License By contributing to filesize.js, you agree that your contributions will be licensed under the BSD-3 license.
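Review bot: In `.github/ISSUE_TEMPLATE/bug_report.md`, nothing steers a reporter away from filing a vulnerability through this template, while the new SECURITY.md says "**Do not** open a public issue". Add a line near the top of the template pointing security reports to `.github/SECURITY.md`. The Environment list also asks for Node.js version and OS but has no browser field, although the CONTRIBUTING.md context line lists "Environment details (Node.js version, OS, browser)".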
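Review bot: In `.github/SECURITY.md` under "How to Report", step 2 "Email security findings to the maintainers" names no address or private channel, so a reporter who follows step 1 has nowhere to send the report and the 48-hour acknowledgment window has nothing to start from. State the contact explicitly (a dedicated mailbox, or GitHub private vulnerability reporting if it is enabled for the repository). Under "Safe Harbors", "Make reasonable efforts to privacy and data protection" is missing a verb, for example "to respect privacy and data protection". The Scope list includes "Dependency vulnerabilities affecting the core" while the PR template checklist requires "Zero external dependencies added"; say whether this item refers to build and development dependencies.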
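Review bot: In the new "Code Review" section of CONTRIBUTING.md, the "What Reviewers Look For" list has no security item, although the PR template checklist already asks for "No hardcoded secrets or credentials introduced" and "Zero external dependencies added". Add a Security bullet that mirrors those checks so reviewers and authors work from the same list. The section also states that all pull requests require at least one review before merging without saying how a fix for a privately reported vulnerability is reviewed, given that SECURITY.md asks reporters to "Keep vulnerabilities confidential until patched".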