docs: add missing GitHub blockquotes #410

Merged
merged 2 commits into from
Aug 11, 2024
34 changes: 25 additions & 9 deletions README.md
Expand Up @@ -106,7 +106,7 @@ $ nsecure open --port 8080

| name | shortcut | default value | description |
| --- | --- | --- | --- |
| --port | -p | | Define the running port, can also be define through the environment variable `PORT` |
| --port | -p | 0 | Define the running port, can also be define through the environment variable `PORT` |

The `auto` command can be used to chain `cwd/from` and `open` commands automatically.
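Review bot: the new default `0` in the `--port` row is not explained. The description should say what port 0 means for the user (for example that a free port is picked at startup, if that is the behaviour) and which wins when both the flag and the `PORT` environment variable are set. While this line is being touched, "can also be define" should read "can also be defined".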

Expand All @@ -117,7 +117,8 @@ $ nsecure auto jest
$ nsecure auto
```

> 👀 By default with the auto command the .json file is deleted when the http server is closed. It's possible to disable this behavior by using the CLI option `--keep`, `-k`.
> [!IMPORTANT]
> By default with the auto command the .json file is deleted when the http server is closed. It's possible to disable this behavior by using the CLI option `--keep`, `-k`.

---
Some options are available on both `cwd`, `from` and `auto` commands. The output option is not available for the `auto` command.
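Review bot: the `[!IMPORTANT]` note still says "the .json file" without naming the file or where it is written. Since the note is about data being deleted when the http server closes, name the file or its location and format `.json` as code. The option would also read more clearly as `--keep` (`-k`).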
Expand Down Expand Up @@ -154,7 +155,7 @@ Flags and emojis legends are documented [here](https://github.com/NodeSecure/fla

## Searchbar filters

Since version 0.6.0 of Node-secure the UI include a brand new searchbar that allow to search anything on the tree (graph) by multiple criteria (filters). The current available filters are:
Since version **0.6.0**, the UI includes a brand new search bar that allows you to search anything within the tree (graph) using multiple criteria (filters). The currently available filters are:

- package (**the default filter if there is none**).
- version (take a semver range as an argument).
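Review bot: dropping "of Node-secure" from the searchbar sentence leaves "Since version **0.6.0**" without a subject, and because this README also has a Workspaces section a reader cannot tell which package's 0.6.0 is meant. Suggest "Since version **0.6.0** of the CLI" or keeping the product name. The heading still says "Searchbar" while the sentence now says "search bar"; pick one spelling.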
Expand All @@ -174,21 +175,22 @@ version: >=1.2 | 2, ext: .js, builtin: fs
## FAQ

### Why some nodes are red in the UI ?
Nodes are red when the project/package has been flagged with 🔬 `hasMinifiedCode` or ⚠️ `hasWarnings`.
Nodes are highlighted in red when the project/package is flagged with 🔬 `hasMinifiedCode` or ⚠️ `hasWarnings`. You can deactivate specific warnings in the options if desired.

### Why the node-secure package size is so different from Bundlephobia ?
Node-secure will analyze the complete size of the npm tarball with no filters or particular optimization. Bundlephobia on the
other side will bundle and remove most of the useless files from the tarball (Like the documentation, etc.).
### Why the package size is so different from Bundlephobia ?
The back-end scanner will analyze the complete size of the npm tarball without any filters or specific optimizations. In contrast, Bundlephobia will bundle the package and remove most of the unnecessary files from the tarball, such as documentation and other non-essential items.

### Why some packages don't have OSSF Scorecard ?
See [Scorecard Public Data](https://github.com/ossf/scorecard#public-data):

> [!NOTE]
> We run a weekly Scorecard scan of the 1 million most critical open source projects judged by their direct dependencies and publish the results in a BigQuery public dataset.

## Contributors guide

If you are a developer **wishing to contribute** to the project, you must first read the [CONTRIBUTING](./CONTRIBUTING.md) guide.
If you are a developer **looking to contribute** to the project, you must first read the [CONTRIBUTING](./CONTRIBUTING.md) guide.

If you have already cloned and installed the project with npm locally, you still need to build and bundle front-end assets using the npm `build` script:
If you have already cloned and installed the project locally with npm, you still need to build and bundle front-end assets using the npm `build` script:

```bash
$ npm run build
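Review bot: in the OSSF Scorecard answer, putting `> [!NOTE]` on top of the quoted sentence turns a quotation from the Scorecard README into an alert, so "We run a weekly Scorecard scan" now reads as this project's own statement; keep it as a plain blockquote or attribute the quote inside the note. In the red-nodes answer, "in the options" does not say whether that is a CLI flag or a UI setting; name it or link to it. "The back-end scanner" in the Bundlephobia answer is likewise unnamed.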
Expand All @@ -206,6 +208,20 @@ $ npm test
> [!CAUTION]
> If you add a feature, try adding tests for it along.

### Publishing package and SLSA

The package is published on [NPM with provenance](https://docs.npmjs.com/generating-provenance-statements), ensuring that this project is compliant with [SLSA Level 3](https://slsa.dev/spec/v0.1/levels?ref=fossa.com) standards. The build and publication process is managed through the GitHub [npm-provenance.yml](https://github.com/NodeSecure/cli/blob/master/.github/workflows/npm-provenance.yml) workflow, which is automatically triggered upon the creation of a new release.

To create a local version of the package using npm and Git, follow these commands:

```bash
$ npm version [patch | minor | major]
$ git commit -am "chore: x.x.x"
$ git push origin master --tags
```

These commands will increment the package version, commit the changes, and push them along with the tags to the repository

## Workspaces

Click on one of the links to access the documentation of the workspace:
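Review bot: the steps under "Publishing package and SLSA" end at `git push origin master --tags`, but the paragraph above says the npm-provenance.yml workflow is triggered by the creation of a new release; the step that creates the release is missing, so a reader following only these commands would not reach the publish step. "Create a local version" also undersells the third command, which pushes to `master`. The SLSA link carries a `?ref=fossa.com` tracking parameter and points at the v0.1 spec; link the canonical page for the spec version the Level 3 claim refers to. The closing sentence is missing its period.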
Expand Down