This outlines all practices for contributing to this project.
The project uses the Nodejs runtime environment but aims to use minimal dependencies in order to create small bundle sizes.
The software is shipped in Docker images.
The software is intended to be run on Nodejs 16.18.0 LTS. The software relies on the Nodejs HTTP module and will be vulnerable to any vulnerabilities in that module.
All released versions have 0 vulnerabilities in NPM audits. This check is carried out as part of the release process. The repository is also scanned weekly with Snyk for vulnerabilities.
The software has been tested for LFI vulnerabilities.
This project uses main as development branch to allow bleeding edge on main. New features are committed through feature branches and merged into main through pull requests.
This project uses semver, handled by the NPM package standard-version. For creating a new release, run the following commands:
npm run release
git push --follow-tags origin mainBefore creating a new release, confirm that there are no known vulnerabilities in the project dependencies by running
npm audit