diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..fc4bd86
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+version: 2
+
+updates:
+ # github-actions
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: weekly
+ commit-message:
+ prefix: chore(actions)
+ # npm
+ - package-ecosystem: npm
+ directory: /
+ schedule:
+ interval: weekly
+ commit-message:
+ prefix: chore(npm)
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 0000000..83e4696
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,36 @@
+name: Audit
+
+on:
+ branch_protection_rule:
+ schedule:
+ - cron: '0 17 * * 5' # Every Friday at 17:00 UTC (Saturday 00:00 Jakarta time)
+
+permissions:
+ contents: read
+
+jobs:
+ # CodeQL
+ codeql:
+ name: CodeQL
+ permissions:
+ # read
+ actions: read
+ contents: read
+ packages: read
+ # write
+ security-events: write
+ uses: ./.github/workflows/reusable.codeql.yml
+ # Scorecard
+ scorecard:
+ name: Scorecard
+ permissions:
+ # read
+ actions: read
+ checks: read
+ contents: read
+ issues: read
+ pull-requests: read
+ # write
+ id-token: write
+ security-events: write
+ uses: ./.github/workflows/reusable.scorecard.yml
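Review bot: The `branch_protection_rule` trigger exists to re-run Scorecard's Branch-Protection check when rules change, but as written it also re-runs a full CodeQL analysis of the default branch on every branch-protection edit, which has no bearing on code-scanning results. Gate the `codeql` job on the scheduled run with `if: github.event_name == 'schedule'` under `codeql:` so protection changes only re-run the `scorecard` job. A one-line comment above `branch_protection_rule:` such as `# Re-evaluates the Scorecard Branch-Protection check when rules change` would record why the trigger is there.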
diff --git a/.github/workflows/checkpoint.yml b/.github/workflows/checkpoint.yml
new file mode 100644
index 0000000..25b4970
--- /dev/null
+++ b/.github/workflows/checkpoint.yml
@@ -0,0 +1,44 @@
+name: Checkpoint
+
+on:
+ pull_request:
+
+permissions:
+ contents: read
+
+jobs:
+ # Review
+ review:
+ name: Review
+ uses: ./.github/workflows/reusable.review.yml
+ # CodeQL
+ codeql:
+ name: CodeQL
+ permissions:
+ # read
+ actions: read
+ contents: read
+ packages: read
+ # write
+ security-events: write
+ uses: ./.github/workflows/reusable.codeql.yml
+ # Scorecard
+ scorecard:
+ name: Scorecard
+ permissions:
+ # read
+ actions: read
+ checks: read
+ contents: read
+ issues: read
+ pull-requests: read
+ # write
+ id-token: write
+ security-events: write
+ uses: ./.github/workflows/reusable.scorecard.yml
+ # Test
+ test:
+ name: Test
+ uses: ./.github/workflows/reusable.test.yml
+ secrets:
+ CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
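Review bot: The `test` job forwards `secrets.CODECOV_TOKEN` to reusable.test.yml, which declares it `required: true`, but on `pull_request` runs opened from forks repository secrets are not exposed, so the forwarded value is empty and the called workflow will presumably fail or skip its Codecov upload; confirm the intended behaviour for fork PRs, or declare the secret `required: false` in reusable.test.yml and keep the upload step conditional on it being set. Keeping `pull_request` rather than `pull_request_target` here is the right choice, since it is also what keeps fork PRs away from the repository's secrets. The same `required: true` declaration appears in the reusable.test.yml hunk and the same remark applies there.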
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5b65aee..b995836 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,49 +19,17 @@ jobs:
# CodeQL
codeql:
name: CodeQL
- runs-on: ubuntu-latest
permissions:
# read
actions: read
contents: read
+ packages: read
# write
security-events: write
- steps:
- # Harden Runner
- - name: Harden Runner # Audit all outbound calls
- uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
- with:
- egress-policy: audit
- # Checkout
- - name: Checkout
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- persist-credentials: false
- # Initialize CodeQL
- - name: Initialize CodeQL
- uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
- with:
- languages: javascript
- # Setup Node
- - name: Setup Node
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
- with:
- node-version: "lts/*"
- # Install Dependencies
- - name: Install Dependencies
- run: npm ci
- # Build Source Code
- - name: Build Source Code
- run: npm run build
- # Analyze CodeQL
- - name: Analyze CodeQL
- uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
- with:
- category: /language:javascript
+ uses: ./.github/workflows/reusable.codeql.yml
# Scorecard
scorecard:
name: Scorecard
- runs-on: ubuntu-latest
permissions:
# read
actions: read
@@ -72,125 +40,26 @@ jobs:
# write
id-token: write
security-events: write
- steps:
- # Harden Runner
- - name: Harden Runner # Audit all outbound calls
- uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
- with:
- egress-policy: audit
- # Checkout
- - name: Checkout
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- persist-credentials: false
- # Analyze OSSF Scorecard
- - name: Analyze OSSF Scorecard
- uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
- with:
- results_file: ossf_scorecard.sarif
- results_format: sarif
- publish_results: true
- repo_token: ${{ secrets.TOKEN }}
- # Upload to GitHub Actions Artifact
- - name: Upload to GitHub Actions Artifact
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
- with:
- name: OSSF Scorecard
- path: ossf_scorecard.sarif
- overwrite: true
- # Upload to GitHub Code Scanning
- - name: Upload to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
- with:
- sarif_file: ossf_scorecard.sarif
+ uses: ./.github/workflows/reusable.scorecard.yml
# Test
test:
name: Test
- runs-on: ubuntu-latest
- steps:
- # Harden Runner
- - name: Harden Runner # Audit all outbound calls
- uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
- with:
- egress-policy: audit
- # Checkout
- - name: Checkout
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- fetch-depth: 2 # At least fetch the last two commits for comparison
- persist-credentials: false
- # Setup Node
- - name: Setup Node
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
- with:
- node-version: "lts/*"
- # Install Dependencies
- - name: Install Dependencies
- run: npm ci
- # Build Source Code
- - name: Build Source Code
- run: npm run build
- # Run Test and Generate Coverage
- - name: Run Test and Generate Coverage
- run: npm test
- # Upload Coverage Reports to Codecov
- - name: Upload Coverage Reports to Codecov
- uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
- with:
- token: ${{ secrets.CODECOV_TOKEN }}
+ uses: ./.github/workflows/reusable.test.yml
+ secrets:
+ CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
# Release
release:
name: Release
needs: [codeql, scorecard, test]
- runs-on: ubuntu-latest
permissions:
# write
contents: write
+ id-token: write
issues: write
- steps:
- # Harden Runner
- - name: Harden Runner # Audit all outbound calls
- uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
- with:
- egress-policy: audit
- # Checkout
- - name: Checkout
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- fetch-depth: 0 # All commits need to be analyzed
- token: ${{ secrets.TOKEN }}
- # Import GPG
- - name: Import GPG
- uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
- with:
- gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
- passphrase: ${{ secrets.PASSPHRASE }}
- git_user_signingkey: true
- git_commit_gpgsign: true
- # Setup Node
- - name: Setup Node
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
- with:
- node-version: "lts/*"
- # Install Dependencies
- - name: Install Dependencies
- run: npm ci
- # Build Source Code
- - name: Build Source Code
- run: npm run build
- # Release and Publish to NPM
- - name: Release and Publish to NPM
- env:
- GIT_AUTHOR_NAME: ${{ vars.GIT_AUTHOR_NAME }}
- GIT_AUTHOR_EMAIL: ${{ vars.GIT_AUTHOR_EMAIL }}
- GIT_COMMITTER_NAME: ${{ vars.GIT_COMMITTER_NAME }}
- GIT_COMMITTER_EMAIL: ${{ vars.GIT_COMMITTER_EMAIL }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- run: npx semantic-release
- # Rebase Development Branch
- - name: Rebase Development Branch
- run: |
- git checkout dev
- git pull --rebase origin main
- git push --force origin dev
+ pull-requests: write
+ uses: ./.github/workflows/reusable.release.yml
+ secrets:
+ GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+ PASSPHRASE: ${{ secrets.PASSPHRASE }}
+ TOKEN: ${{ secrets.TOKEN }}
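Review bot: The two permissions added to the `release` job, `id-token: write` and `pull-requests: write`, are justified only by other files in this commit and nothing in the hunk says so: `id-token: write` is what lets npm mint the provenance attestation enabled by `provenance=true` in .npmrc, and `pull-requests: write` presumably serves semantic-release's GitHub plugin when it comments on released pull requests. Add `# OIDC token for npm provenance (.npmrc: provenance=true)` after `id-token: write` and `# semantic-release comments on released PRs` after `pull-requests: write`, matching the file's existing `# read` / `# write` grouping comments, so the next reviewer can tell which permission each consumer needs. The workflow's trigger and the start of the `scorecard` job lie outside this hunk.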
diff --git a/.github/workflows/reusable.codeql.yml b/.github/workflows/reusable.codeql.yml
new file mode 100644
index 0000000..c37290f
--- /dev/null
+++ b/.github/workflows/reusable.codeql.yml
@@ -0,0 +1,52 @@
+name: CodeQL
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ # CodeQL
+ codeql:
+ name: CodeQL
+ runs-on: ubuntu-latest
+ permissions:
+ # read
+ actions: read
+ contents: read
+ packages: read
+ # write
+ security-events: write
+ steps:
+ # Harden Runner
+ - name: Harden Runner # Audit all outbound calls
+ uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+ with:
+ egress-policy: audit
+ # Checkout
+ - name: Checkout
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+ # Initialize CodeQL
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+ with:
+ languages: javascript
+ # Setup Node
+ - name: Setup Node
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+ with:
+ node-version: lts/*
+ # Clean Install
+ - name: Clean Install
+ run: npm ci
+ # Build Source Code
+ - name: Build Source Code
+ run: npm run build
+ # Analyze CodeQL
+ - name: Analyze CodeQL
+ uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+ with:
+ category: /language:javascript
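Review bot: For `languages: javascript` CodeQL extracts sources directly and does not require the project to be built, so the `Clean Install` and `Build Source Code` steps (`npm ci`, `npm run build`) appear unnecessary in this job; they execute every dependency's install and build scripts inside a job holding `security-events: write`, with Harden Runner only auditing egress rather than blocking it. Unless the analysis deliberately targets the generated `dist/` output, drop both steps together with the `Setup Node` step they depend on and let `init`/`analyze` run against the checkout. If a build really is needed, record that above `Clean Install` with `# Build is required so CodeQL also sees generated dist/ sources`.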
diff --git a/.github/workflows/reusable.release.yml b/.github/workflows/reusable.release.yml
new file mode 100644
index 0000000..9891794
--- /dev/null
+++ b/.github/workflows/reusable.release.yml
@@ -0,0 +1,75 @@
+name: Test
+
+on:
+ workflow_call:
+ secrets:
+ GPG_PRIVATE_KEY:
+ required: true
+ NPM_TOKEN:
+ required: true
+ PASSPHRASE:
+ required: true
+ TOKEN:
+ required: true
+
+permissions:
+ contents: read
+
+jobs:
+ # Release
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ permissions:
+ # write
+ contents: write
+ id-token: write
+ issues: write
+ pull-requests: write
+ steps:
+ # Harden Runner
+ - name: Harden Runner # Audit all outbound calls
+ uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+ with:
+ egress-policy: audit
+ # Checkout
+ - name: Checkout
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ fetch-depth: 0 # All commits need to be analyzed
+ token: ${{ secrets.TOKEN }}
+ # Import GPG
+ - name: Import GPG
+ uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
+ with:
+ git_commit_gpgsign: true
+ git_user_signingkey: true
+ gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ passphrase: ${{ secrets.PASSPHRASE }}
+ # Setup Node
+ - name: Setup Node
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+ with:
+ node-version: lts/*
+ # Clean Install
+ - name: Clean Install
+ run: npm ci
+ # Build Source Code
+ - name: Build Source Code
+ run: npm run build
+ # Release and Publish to NPM
+ - name: Release and Publish to NPM
+ env:
+ GIT_AUTHOR_EMAIL: ${{ vars.GIT_AUTHOR_EMAIL }}
+ GIT_AUTHOR_NAME: ${{ vars.GIT_AUTHOR_NAME }}
+ GIT_COMMITTER_EMAIL: ${{ vars.GIT_COMMITTER_EMAIL }}
+ GIT_COMMITTER_NAME: ${{ vars.GIT_COMMITTER_NAME }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+ run: npx semantic-release
+ # Rebase Development Branch
+ - name: Rebase Development Branch
+ run: |
+ git checkout dev
+ git pull --rebase origin main
+ git push --force origin dev
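Review bot: `name: Test` at the top of reusable.release.yml is copied from the test workflow and should read `name: Release`, otherwise this run is listed under the wrong name in the Actions UI and is easy to confuse with reusable.test.yml. Separately, the Checkout step passes `token: ${{ secrets.TOKEN }}` without `persist-credentials: false`, so that PAT remains in `.git/config` while `npm ci`, `npm run build` and `npx semantic-release` execute third-party package scripts; only the final `git push --force origin dev` needs it, so consider checking out with `persist-credentials: false` and supplying the token to that last step alone. A comment above `token:` such as `# PAT with push access: required for the force-push to dev in the last step` would at least document why GITHUB_TOKEN is not used here.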
diff --git a/.github/workflows/review.yml b/.github/workflows/reusable.review.yml
similarity index 97%
rename from .github/workflows/review.yml
rename to .github/workflows/reusable.review.yml
index d8c9999..e497288 100644
--- a/.github/workflows/review.yml
+++ b/.github/workflows/reusable.review.yml
@@ -1,7 +1,7 @@
name: Review
on:
- pull_request:
+ workflow_call:
permissions:
contents: read
diff --git a/.github/workflows/security.yml b/.github/workflows/reusable.scorecard.yml
similarity index 52%
rename from .github/workflows/security.yml
rename to .github/workflows/reusable.scorecard.yml
index fda109c..cf7dd6f 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/reusable.scorecard.yml
@@ -1,54 +1,12 @@
-name: Security
+name: Scorecard
on:
- pull_request:
+ workflow_call:
permissions:
contents: read
jobs:
- # CodeQL
- codeql:
- name: CodeQL
- runs-on: ubuntu-latest
- permissions:
- # read
- actions: read
- contents: read
- # write
- security-events: write
- steps:
- # Harden Runner
- - name: Harden Runner # Audit all outbound calls
- uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
- with:
- egress-policy: audit
- # Checkout
- - name: Checkout
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- persist-credentials: false
- # Initialize CodeQL
- - name: Initialize CodeQL
- uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
- with:
- languages: javascript
- # Setup Node
- - name: Setup Node
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
- with:
- node-version: "lts/*"
- # Install Dependencies
- - name: Install Dependencies
- run: npm ci
- # Build Source Code
- - name: Build Source Code
- run: npm run build
- # Analyze CodeQL
- - name: Analyze CodeQL
- uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
- with:
- category: /language:javascript
# Scorecard
scorecard:
name: Scorecard
@@ -81,7 +39,6 @@ jobs:
results_file: ossf_scorecard.sarif
results_format: sarif
publish_results: true
- repo_token: ${{ secrets.TOKEN }}
# Upload to GitHub Actions Artifact
- name: Upload to GitHub Actions Artifact
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
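Review bot: Dropping `repo_token: ${{ secrets.TOKEN }}` means the Scorecard step now runs with the job's `GITHUB_TOKEN`, which is the safer default, but scorecard-action's Branch-Protection check reads protection settings that the installation token may not be permitted to see, so the published score for that check may drop after this change; verify on the first scheduled run. If the PAT was removed deliberately, a comment above `results_file:` such as `# Runs with GITHUB_TOKEN; the Branch-Protection check may show reduced detail without an admin PAT` would record the trade-off. The step that owns these `with:` keys begins outside the hunk.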
diff --git a/.github/workflows/test.yml b/.github/workflows/reusable.test.yml
similarity index 84%
rename from .github/workflows/test.yml
rename to .github/workflows/reusable.test.yml
index 744a79d..95cfdb5 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/reusable.test.yml
@@ -1,7 +1,10 @@
name: Test
on:
- pull_request:
+ workflow_call:
+ secrets:
+ CODECOV_TOKEN:
+ required: true
permissions:
contents: read
@@ -27,13 +30,10 @@ jobs:
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
- node-version: "lts/*"
- # Install Dependencies
- - name: Install Dependencies
+ node-version: lts/*
+ # Clean Install
+ - name: Clean Install
run: npm ci
- # Build Source Code
- - name: Build Source Code
- run: npm run build
# Run Test and Generate Coverage
- name: Run Test and Generate Coverage
run: npm test
diff --git a/.npmignore b/.npmignore
index b1ca8cb..8f27024 100644
--- a/.npmignore
+++ b/.npmignore
@@ -2,10 +2,8 @@
__tests__/
.github/
coverage/
-# dist/*.map
node_modules/
package/
-dummies/
src/
tests/
.czrc*
@@ -13,10 +11,14 @@ tests/
.gitignore
.npmignore
.npmrc
+.pre-commit-config*
.releaserc*
clean-package.config*
+CODE_OF_CONDUCT*
+CONTRIBUTING*
jest.config*
package-lock.json
package.json.backup
rollup.config*
+SECURITY*
tsconfig.json
diff --git a/.npmrc b/.npmrc
index 456561e..c31ea78 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1,3 +1,4 @@
scope=@mnrendra
access=public
registry=https://registry.npmjs.org
+provenance=true
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f7fef8c..e16d667 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
-
+ # gitleaks
- repo: https://github.com/gitleaks/gitleaks
- rev: v8.16.3
+ rev: d1c77598da5353c83c46d8a62be0d376a1b63bbb # v8.25.1
hooks:
- id: gitleaks
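Review bot: Pinning `rev` to the full gitleaks commit SHA is a good hardening step, but unlike the `npm` and `github-actions` ecosystems configured in dependabot.yml, pre-commit hook revisions have no automated updater in this commit, and a plain `pre-commit autoupdate` replaces the SHA with a tag on the next bump. Add `# Update with: pre-commit autoupdate --freeze (keeps the SHA pin)` above `rev:` so the pin survives maintenance.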
diff --git a/.releaserc b/.releaserc
index 7967c4c..39bbfb2 100644
--- a/.releaserc
+++ b/.releaserc
@@ -20,10 +20,14 @@
["@semantic-release/commit-analyzer", {
"releaseRules": [
{ "type": "docs", "release": "patch" },
- { "type": "chore", "release": "patch" },
+ { "type": "style", "release": "patch" },
{ "type": "refactor", "release": "patch" },
+ { "type": "perf", "release": "patch" },
{ "type": "test", "release": "patch" },
- { "type": "style", "release": "patch" }
+ { "type": "build", "release": "patch" },
+ { "type": "ci", "release": "patch" },
+ { "type": "chore", "release": "patch" },
+ { "type": "revert", "release": "patch" }
]
}],
"@semantic-release/release-notes-generator",
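Review bot: Every `chore`, `ci`, `build` and `revert` commit now produces a patch release, and with dependabot.yml opening PRs prefixed `chore(actions)` / `chore(npm)`, each merged bump of a GitHub Action or devDependency will publish a new npm version whose `dist/` is byte-identical to the previous one. Consider `{ "type": "chore", "release": false }` and `{ "type": "ci", "release": false }`, or scoping the rule to dependency changes that reach consumers (for example `{ "type": "chore", "scope": "deps", "release": "patch" }`), so published versions track changes users can observe.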
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..7e4246e
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,45 @@
+# Code of Conduct
+
+We are committed to creating a welcoming and inclusive environment for all contributors and participants. By participating in this project, you agree to abide by the following Code of Conduct.
+
+## Our Pledge
+
+We pledge to make participation in our project a harassment-free experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, age, race, religion, or technology choices.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy toward other community members
+
+Examples of unacceptable behavior by participants include:
+- The use of sexualized language or imagery and unwelcome sexual attention or advances
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the [project maintainer](https://github.com/mnrendra). All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances.
+
+We will maintain confidentiality with regard to the reporter of an incident.
+
+## Scope
+
+This Code of Conduct applies to all project spaces, both online and offline, and it applies to all members of the community.
+
+## Enforcement Guidelines
+
+- **Warning**: A first warning is given for minor infractions or rude behavior.
+- **Temporary Ban**: For more severe or repeated violations, a temporary ban from the project may be enforced.
+- **Permanent Ban**: If the participant's behavior is seriously disruptive, a permanent ban may be enacted.
+
+Thank you for helping us make this a welcoming and inclusive community for all!
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..013d187
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,165 @@
+
+# Contributing Guidelines
+
+Thank you for considering contributing to this project! We appreciate your help in making this project better. Please follow the guidelines below to ensure that your contributions are smoothly integrated.
+
+## Code of Conduct
+
+By participating in this project, you agree to abide by our [Code of Conduct](./CODE_OF_CONDUCT.md). Please engage respectfully and constructively.
+
+## How to Contribute
+
+### 1. Start a Discussion
+
+Begin by [opening a discussion](/discussions) to propose your changes or improvements. We’ll invite you as [contributors](/graphs/contributors) and assist you in creating the corresponding [issue](/issues) and working [branch](/branches) for your contribution.
+
+### 2. Set Up Your Local Environment
+
+Follow these steps to prepare your development environment:
+
+- Clone the repository using SSH:
+ ```bash
+ git clone git@github.com:mnrendra/stack-trace.git
+ ```
+
+- Navigate to the project directory:
+ ```bash
+ cd stack-trace
+ ```
+
+- Switch to the assigned branch:
+ ```bash
+ git checkout [assigned-branch-name]
+ ```
+
+- Verify your Git configuration to ensure that your commits are associated with the correct author information:
+ ```bash
+ git config --list
+ ```
+ *Verify that `user.name` is your name and `user.email` is your [private email](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address).*
+
+- Ensure that you’re using the latest **LTS** version of **Node.js** and a compatible version of **npm**:
+ ```bash
+ node -v && npm -v
+ ```
+ *If outdated, please upgrade to the latest LTS version of Node.js and npm.*
+
+- Install the project dependencies:
+ ```bash
+ npm install
+ ```
+
+- Test your local project to ensure it's ready for development:
+ ```bash
+ npm test
+ ```
+
+### 3. Make Your Changes
+
+Follow these guidelines to implement your changes:
+
+- Write a test for your feature or fix in [`./__tests__/index.ts`](./__tests__/index.ts), or create a new test file in the [`./__tests__`](./__tests__/) directory if appropriate.
+- Ensure that your tests cover all affected code paths (see [current coverage](https://app.codecov.io/gh/mnrendra/stack-trace)).
+- Use **TypeScript** consistently for all source files (see [`tsconfig.json`](./tsconfig.json) for details).
+- Strictly adhere to the configured **ESLint** rules (see [`.eslintrc.json`](./.eslintrc.json) for details).
+- Follow existing file naming and organization conventions (see [project structure](./) for reference).
+- Maintain code readability and consistency by providing proper documentation. Please use **JSDoc** comments for all exported public APIs to ensure maintainability and auto-generation of documentation (see [`./src/main.ts`](./src/main.ts) for an example).
+- Avoid introducing breaking changes to the public API or major behavioral changes unless discussed in advance. We are following semantic versioning using [semantic-release](https://semantic-release.gitbook.io/semantic-release), so please follow its guidelines.
+- Update the [`README.md`](./README.md) file to reflect any changes to public APIs, usage examples, or configuration options introduced by your contribution.
+- Keep commits atomic and focused on a single change.
+
+### 4. Run Tests
+
+Ensure that your changes do not break existing tests.
+
+- Run tests before committing to confirm that all tests pass:
+ ```bash
+ npm test
+ ```
+
+### 5. Run Security Checks
+
+Ensure that your changes don’t negatively impact the [OpenSSF Scorecard](https://github.com/ossf/scorecard) rating or introduce vulnerabilities.
+
+> Before running the security checks, ensure that `scorecard` is installed locally:
+> ```bash
+> scorecard --version
+> ```
+> *If not, follow the [Scorecard documentation](https://scorecard.dev/#using-the-cli) to install it.*
+
+- Run security checks before committing to ensure that everything is secure:
+ ```bash
+ npm run security
+ ```
+
+ *This checks for known vulnerabilities and ensures compliance with best practices.*
+
+### 6. Commit Your Changes
+
+We use [Commitizen](https://www.npmjs.com/package/commitizen) for generating commit messages and [semantic-release](https://semantic-release.gitbook.io/semantic-release) for semantic versioning. Please use the provided script for committing.
+
+- Run the commit script to commit your changes:
+ ```bash
+ npm run commit
+ ```
+
+- Follow the [Conventional Commits](https://www.conventionalcommits.org/) format.
+- Select the appropriate commit type (see [conventional-commit-types](https://github.com/pvdlg/conventional-commit-types) for reference).
+- Ensure that your commit message includes the related issue number and aligns with the scope and naming of the assigned branch.
+- Avoid introducing breaking changes unless they have been discussed in advance.
+
+> ⚠️ Pull requests with non-standard or poorly formatted commit messages will be **rejected**.
+
+### 7. Push Your Changes
+
+Ensure that your local branch is up-to-date with the base branch before pushing it to the remote repository:
+```bash
+git pull --rebase origin [base-branch]
+```
+> ⚠️ Please only pull from the **base branch** (e.g., `dev`) — do not pull from any other branches.
+
+Push your up-to-date local branch to the remote repository:
+```bash
+git push origin [assigned-branch-name]
+```
+
+### 8. Submit a Pull Request
+
+Create a Pull Request targeting the base branch (e.g., `dev`). After submission, a maintainer will review it before merging. Please use the following format for your Pull Request:
+
+#### Pull Request Title
+Must match the related issue title (e.g., `feat: something`).
+
+#### Pull Request Description
+Use the following template to ensure consistency:
+```
+issues:
+* [issue title] (#[issue number])
+
+commits:
+* [commit title] ([first 7 chars of the commit hash])
+```
+Example:
+```
+issues:
+* feat: something (#123)
+
+commits:
+* feat: something (abc123d)
+```
+
+See [merged commits](/commits/main/) for reference.
+
+#### Ensure that the Pull Request Includes:
+- Correct **target branch**
+- Relevant **reviewers**
+- Proper **assignee**
+- Updated **project status**
+- Linked **issue**
+
+If you have any questions, feel free to [open a discussion](/discussions). We’re here to help!
+
+Thank you for your contributions and collaboration!
+
+## Maintainer
+[@mnrendra](https://github.com/mnrendra)
diff --git a/README.md b/README.md
index 08ed29e..1bb93e8 100644
--- a/README.md
+++ b/README.md
@@ -19,9 +19,10 @@ A lightweight [stack trace](https://v8.dev/docs/stack-trace-api) utility to retr
- ✅ Minified and cleansed of unnecessary dependencies, files, and attributes - see [contents](https://www.npmjs.com/package/@mnrendra/stack-trace?activeTab=code)
- ✅ Tiny package - see [size](https://bundlephobia.com/package/@mnrendra/stack-trace)
- ✅ Well tested - see [coverage](https://app.codecov.io/gh/mnrendra/stack-trace)
+- ✅ Security checked - see [scorecard](https://securityscorecards.dev/viewer/?uri=github.com/mnrendra/stack-trace)
- ✅ Verified all commits - see [signatures](https://github.com/mnrendra/stack-trace/commits/main)
- ✅ Semantic versioning - see [commits](https://github.com/mnrendra/stack-trace/commits/main)
-- ✅ Actively maintained - [pull requests](https://github.com/mnrendra/stack-trace/pulls), [issues](https://github.com/mnrendra/stack-trace/issues), and [discussions](https://github.com/mnrendra/stack-trace/discussions) are welcome!
+- ✅ Actively maintained - [pull requests](https://github.com/mnrendra/stack-trace/pulls), [issues](https://github.com/mnrendra/stack-trace/issues), [discussions](https://github.com/mnrendra/stack-trace/discussions), and [contributions](https://github.com/mnrendra/stack-trace/blob/HEAD/CONTRIBUTING.md) are welcome!
## Install
```bash
@@ -75,7 +76,7 @@ NodeJS.CallSite
First `CallSite` object captured in the stack trace.
### `extractFilePath`
-Extracts the file name from a `CallSite` object and converts it to a file path if the value is a file URL.
+Extracts the file name from a `CallSite` object and converts it to a file path if the value is a file URL.
*This utility ensures that the returned value is an absolute path.*
#### Type
@@ -301,10 +302,10 @@ caller()
> **Note**:
>
-> - In ES Modules, `getFileName` returns a **file URL** (e.g., `file:///foo`), instead of a **file path** (`/foo`).
+> - In ES Modules, `getFileName` returns a **file URL** (e.g., `file:///foo`), instead of a **file path** (`/foo`).
> *To convert it to a file path, use either `url.fileURLToPath` or the `extractFilePath` utility.*
>
-> - By default `stackTrace` will capture all caller's frames.
+> - By default `stackTrace` will capture all caller's frames.
> *To capture only a specific number of frames, set the `limit` option to a positive number.*
### Examples
@@ -424,6 +425,18 @@ const callSites = caller()
console.log(callSites.length) // Output: 1
```
+## Security
+
+We take security seriously in this project. If you discover a **vulnerability**, we strongly encourage you to report it in a responsible manner.
+
+Please open a [Security Advisory](https://github.com/mnrendra/stack-trace/security/advisories/new) to report any vulnerabilities.
+
+For more information, please refer to our [Security Policy](https://github.com/mnrendra/stack-trace/blob/HEAD/SECURITY.md).
+
+## Contributing
+
+We appreciate your help in making this project better. Please follow the [guidelines](https://github.com/mnrendra/stack-trace/blob/HEAD/CONTRIBUTING.md) to ensure that your contributions are smoothly integrated.
+
## License
[MIT](https://github.com/mnrendra/stack-trace/blob/HEAD/LICENSE)
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..40fce22
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,37 @@
+# Security Policy
+
+## Supported Versions
+
+We currently maintain the latest stable version of this project. Older versions may not receive security updates.
+
+## Reporting a Vulnerability
+
+We take security seriously in this project. If you discover a **vulnerability**, we strongly encourage you to report it in a responsible manner.
+
+**Please open a [Security Advisory](/security/advisories/new) to report any vulnerabilities.**
+
+We will acknowledge your report within **5 working days**. For confirmed vulnerabilities, we aim to provide a full **disclosure** and patch within **14 days**, depending on the complexity and impact.
+
+**Please do not report security issues publicly before we have had a chance to investigate and address them.**
+
+## Security Best Practices
+
+This project follows these practices:
+
+- ✅ Dependencies are scanned automatically using GitHub Dependabot.
+- ✅ Code is scanned weekly using GitHub Advanced Security and a GitHub Actions analysis tool (CodeQL and OSSF Scorecard).
+- ✅ Branch protection is enabled with required status checks for Pull-Requests.
+- ✅ Changes are reviewed via Pull-Requests with multiple maintainers.
+
+## Disclosure Policy
+
+We follow a **[Coordinated Disclosure](https://vuls.cert.org/confluence/display/CVD/Coordinated+Vulnerability+Disclosure)** approach:
+- You notify us privately of the issue.
+- We confirm and fix the issue internally.
+- A fix is released and a public **disclosure** is made (if necessary).
+
+## GPG Signing
+
+Releases are signed with GPG. Verification instructions are provided in the release notes.
+
+Thank you for helping us keep the project and our users safe.
diff --git a/package-lock.json b/package-lock.json
index f35f63c..07e340c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1158,9 +1158,9 @@
}
},
"node_modules/@eslint-community/eslint-utils": {
- "version": "4.6.1",
- "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.6.1.tgz",
- "integrity": "sha512-KTsJMmobmbrFLe3LDh0PC2FXpcSYJt/MLjlkh/9LEnmKYLSYmT/0EW9JWANjeoemiuZrmogti0tW5Ch+qNUYDw==",
+ "version": "4.7.0",
+ "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz",
+ "integrity": "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -4266,9 +4266,9 @@
}
},
"node_modules/browserslist": {
- "version": "4.24.4",
- "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.24.4.tgz",
- "integrity": "sha512-KDi1Ny1gSePi1vm0q4oxSF8b4DR44GF4BbmS2YdhPLOEqd8pDviZOGH/GsmRwoWJ2+5Lr085X7naowMwKHDG1A==",
+ "version": "4.24.5",
+ "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.24.5.tgz",
+ "integrity": "sha512-FDToo4Wo82hIdgc1CQ+NQD0hEhmpPjrZ3hiUgwgOG6IuTdlpr8jdjyG24P6cNP1yJpTLzS5OcGgSw0xmDU1/Tw==",
"dev": true,
"funding": [
{
@@ -4286,10 +4286,10 @@
],
"license": "MIT",
"dependencies": {
- "caniuse-lite": "^1.0.30001688",
- "electron-to-chromium": "^1.5.73",
+ "caniuse-lite": "^1.0.30001716",
+ "electron-to-chromium": "^1.5.149",
"node-releases": "^2.0.19",
- "update-browserslist-db": "^1.1.1"
+ "update-browserslist-db": "^1.1.3"
},
"bin": {
"browserslist": "cli.js"
@@ -4457,9 +4457,9 @@
}
},
"node_modules/caniuse-lite": {
- "version": "1.0.30001716",
- "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001716.tgz",
- "integrity": "sha512-49/c1+x3Kwz7ZIWt+4DvK3aMJy9oYXXG6/97JKsnjdCk/6n9vVyWL8NAwVt95Lwt9eigI10Hl782kDfZUUlRXw==",
+ "version": "1.0.30001717",
+ "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001717.tgz",
+ "integrity": "sha512-auPpttCq6BDEG8ZAuHJIplGw6GODhjw+/11e7IjpnYCxZcW/ONgPs0KVBJ0d1bY3e2+7PRe5RCLyP+PfwVgkYw==",
"dev": true,
"funding": [
{
@@ -5542,9 +5542,9 @@
}
},
"node_modules/electron-to-chromium": {
- "version": "1.5.145",
- "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.145.tgz",
- "integrity": "sha512-pZ5EcTWRq/055MvSBgoFEyKf2i4apwfoqJbK/ak2jnFq8oHjZ+vzc3AhRcz37Xn+ZJfL58R666FLJx0YOK9yTw==",
+ "version": "1.5.149",
+ "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.149.tgz",
+ "integrity": "sha512-UyiO82eb9dVOx8YO3ajDf9jz2kKyt98DEITRdeLPstOEuTlLzDA4Gyq5K9he71TQziU5jUVu2OAu5N48HmQiyQ==",
"dev": true,
"license": "ISC"
},
@@ -8948,9 +8948,9 @@
"license": "MIT"
},
"node_modules/jest-circus/node_modules/dedent": {
- "version": "1.5.3",
- "resolved": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz",
- "integrity": "sha512-NHQtfOOW68WD8lgypbLA5oT+Bt0xXJhiYvoR6SmmNXZfpzOGXwdKWmcwG8N7PwVVWV3eF/68nmD9BaJSsTBhyQ==",
+ "version": "1.6.0",
+ "resolved": "https://registry.npmjs.org/dedent/-/dedent-1.6.0.tgz",
+ "integrity": "sha512-F1Z+5UCFpmQUzJa11agbyPVMbpgT/qA3/SKyJ1jyBgm7dUcUEa8v9JwDkerSQXfakBwFljIxhOJqGkjUwZ9FSA==",
"dev": true,
"license": "MIT",
"peerDependencies": {
diff --git a/package.json b/package.json
index 1b0fbac..a9b5e64 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,8 @@
"scripts": {
"build": "rm -rf dist && npx rollup -c",
"commit": "npx cz",
- "test": "npx jest --coverage"
+ "security": "scorecard --local .",
+ "test": "npm run build && npx jest --coverage"
},
"repository": {
"type": "git",
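Review bot: The rewritten `test` script still runs `npx jest`, and `npx` falls back to fetching the package from the registry when no local binary is found, so a run on a machine that skipped `npm ci` silently installs whatever version the registry serves; the untouched `npx cz` and `npx rollup` lines have the same property. npm scripts already put `node_modules/.bin` on `PATH`, so — assuming jest is a devDependency, which the lockfile entries suggest — `"test": "npm run build && jest --coverage"` removes the fallback. The new `security` script depends on a globally installed `scorecard`, which CONTRIBUTING.md documents, so that one is fine.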