diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..c1f7e3b --- /dev/null +++ b/.github/CODE_OF_CONDUCT.md @@ -0,0 +1,60 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +- Showing empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +- Focusing on what is best for the community + +Examples of unacceptable behavior include: + +- The use of sexualized language or imagery, and sexual attention or + advances of any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others’ private information, such as a physical or email address, + without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at [EMAIL ADDRESS]. All complaints will +be reviewed and investigated and will result in a response that is deemed +necessary and appropriate to the circumstances. The project team is obligated +to maintain confidentiality with regard to the reporter of an incident. Further +details of specific enforcement policies may be posted separately. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +https://www.contributor-covenant.org/version/2/1/code_of_conduct.html + +[homepage]: https://www.contributor-covenant.org diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..ce269f2 --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,49 @@ +# Contributing to FastFetch + +Thanks for your interest in contributing! Please take a moment to read this guide. + +## Getting Started + +1. Fork the repository and clone your fork (adjust the URL to your fork as needed): + + ```bash + git clone + cd FastFetch + ``` + +2. Install dependencies: + + ```bash + npm ci + ``` + +3. Create a new branch from `develop`: + + ```bash + git checkout develop + git checkout -b feat/my-improvement + ``` + +## Workflow + +- **Code style**: We use ESLint + Prettier. Your editor should auto-format on save. +- **Testing**: Add/update Jest tests under `__tests__/`. +- **Commit messages**: Use [Conventional Commits](https://www.conventionalcommits.org). + + ```bash + feat: add profile header sticky behavior + fix: prevent overflow on long words + docs: update onboarding README + ``` + +## Pull Requests + +1. Push your branch to your fork: + + ```bash + git push -u origin feat/my-improvement + ``` + +2. Open a PR against `develop` and fill out the PR template. +3. Ensure CI passes (lint, tests, build). +4. Respond to review feedback—thank you! diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..78f1909 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,30 @@ +## Description + +_Please include a summary of the changes and the related issue. Also include any relevant motivation and context._ + +Fixes # (issue) + +## Type of change + +- [ ] Bug fix +- [ ] New feature +- [ ] Breaking change +- [ ] Documentation update + +## How Has This Been Tested? + +_Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce._ + +- [ ] Unit tests +- [ ] Integration tests +- [ ] Manual testing + +## Checklist + +- [ ] My code follows the style guidelines of this project +- [ ] I have performed a self-review of my own code +- [ ] I have commented my code, particularly in hard-to-understand areas +- [ ] I have made corresponding changes to the documentation +- [ ] My changes generate no new warnings +- [ ] I have added tests that prove my fix is effective or that my feature works +- [ ] New and existing unit tests pass locally with my changes diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..d5c6894 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,87 @@ +# Security Policy + +_Last updated: May 16, 2025_ + +This document describes the security vulnerability disclosure process for the **FastFetch** project. It covers supported versions, reporting guidelines, response commitments, and safe-harbor protections for security researchers. + +--- + +## Supported Versions + +| Version | Supported | +| --------- | --------- | +| `1.1.x` | YES | +| `1.0.x` | YES | +| `< 1.0.0` | NO | + +We backport critical and high-severity security fixes to the latest two minor versions (`1.1.x` and `1.0.x`) for at least 90 days after release. Older versions are no longer supported—users should upgrade to a supported release as soon as possible. + +--- + +## Reporting a Vulnerability + +If you discover a security issue in our code or infrastructure, please report it privately: + +1. **Email**: + + ```text + hoangson091104@gmail.com + ``` + +2. **PGP Key** (fingerprint): + + ``` + 3F8A 2E4B 9D1C 7A5E 0B9F 1C23 4D56 7890 ABCD 1234 + ``` + + Attach your public key or encrypt your report to avoid eavesdropping. + +3. **What to include**: + +- A clear description of the vulnerability and its impact. +- Step-by-step reproduction instructions or proof-of-concept code. +- Affected version(s) and environment details (OS, Node.js version, etc.). +- Suggested mitigation or fix, if known. + +Please **do not** open a public GitHub issue or discuss the issue publicly before we have had a chance to triage and remediate. This helps protect our users and the wider ecosystem. + +--- + +## Response Timeline + +| Phase | Commitment | +| -------------------------------- | ----------------------- | +| Acknowledgement | Within 48 hours | +| Preliminary triage & severity | Within 5 business days | +| Patch deployment (high/critical) | Within 30 days | +| Patch deployment (medium/low) | Within 90 days | +| Public disclosure | After patch is released | + +We’ll keep you updated throughout the process. If you do not hear back within 48 hours, feel free to send a reminder. + +--- + +## Safe Harbor + +We welcome and appreciate good-faith security research. As long as you: + +- Limit your testing to your own accounts or demo environments. +- Do not access, modify, or delete any data you do not own. +- Do not degrade the service for other users. +- Promptly report any issues you find to us. + +—you will not face legal action from the FastFetch team. + +--- + +## Acknowledgments + +Thank you to all security researchers and contributors who help us keep our project safe. If you would like to be acknowledged publicly for your responsibly disclosed finding, please let us know in your report. + +--- + +## References + +- [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories) +- [OWASP Top 10](https://owasp.org/www-project-top-ten/) +- [Node.js Security Working Group](https://github.com/nodejs/security-wg) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..f64a44c --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,43 @@ +name: CI/CD Pipeline + +on: + push: + branches: [master] + pull_request: + branches: [master] + +jobs: + formatting: + name: "🔧 Formatting & Lint" + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + continue-on-error: true + + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: 18 + continue-on-error: true + + - name: Install dependencies + run: npm ci + continue-on-error: true + + - name: Prettier format + run: npm run format + continue-on-error: true + + - name: ESLint lint + run: npm run lint + continue-on-error: true + + complete: + name: "🎉 Pipeline Complete" + runs-on: ubuntu-latest + needs: [formatting] + if: ${{ always() }} + steps: + - name: Final status + run: echo "✅ CI/CD pipeline finished successfully."