CONTRIBUTING.md

File metadata and controls

97 lines (62 loc) · 3.59 KB

🚀 Contributing

Thank you for investing your time in contributing to this project.

🚧 This guide is a work in progress.

Posting or commenting on an issue

Remember that we are doing this project on our own time. We are humans: we like support, and we expect kindness :)

When posting a new comment on an issue, make sure your comment adds value. Don't post a comment just to get attention.

Writing code

Any contribution should resolve an issue.

If there is no issue or discussion about the change you want to introduce, open a new issue or discussion first.

This project follows the lib9 TypeScript style guide. We recommend reading the style guide before writing any code.

Format your changes

Execute npm run format to format your code.

Test your changes

Execute npm test to check types and code format, run the unit tests, and lint the code.

Add a changelog entry

When the changes are visible to the package's users, you should add an entry to the changelog in the section entitled Unreleased. A changelog entry should add context and motivation. Take a look at the previous entries for examples.

Commit your changes

This project follows a specific format for commit messages. It uses a subset of Conventional Commits.

Every commit should pass the test suite. You can test several commits at once thanks to git rebase. The following command tests the last two commits:

git rebase --exec 'npm test' HEAD~2

Project philosophy

Minimize dependencies

This project embraces a strict policy regarding dependency management. This aims to avoid potential security vulnerabilities and software bloat.

  1. Think twice before adding a new dependency.

    If you think a dependency should be added, then justify why. This justification should be written in the commit that adds the dependency.

  2. Avoid packages with dozens or hundreds of direct or indirect third-party dependencies.

    Third-party dependencies are packages that aren't authored by the same organization or author.

    NPM Graph allows visualizing the dependency graph of a package.

  3. Audit small and untrusted packages.

    Sometimes there is no better choice than a package authored by a single developer. In this case you should take the time to review the source code.

    Audit every update of the package. You should depend on an exact version of the package:

    npm install --save-exact untrusted-package

    Note that this pins only untrusted-package itself; the restriction doesn't apply to the dependencies of untrusted-package, whose versions can still change between installs. This is why you should avoid untrusted packages with untrusted dependencies.
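The following sketch is an added example, not part of this project's code. It checks points 2 and 3 above by listing direct dependencies that are not pinned to an exact version and the lockfile entries a pinned package still pulls in. It assumes a package-lock.json with the packages map (lockfileVersion 2 or 3); other-lib, helper-a, util-b and all version numbers are constructed sample data.

```javascript
// Constructed sample data; on a real project, JSON.parse package.json and package-lock.json.
const MANIFEST = { dependencies: { "untrusted-package": "1.2.3", "other-lib": "^2.0.0" } };
const LOCK = { lockfileVersion: 3, packages: {
  "": { dependencies: MANIFEST.dependencies },
  "node_modules/untrusted-package": { version: "1.2.3", dependencies: { "helper-a": "^1.0.0" } },
  "node_modules/helper-a": { version: "1.4.0", dependencies: { "util-b": "~0.3.0" } },
  "node_modules/util-b": { version: "0.3.2" },
  "node_modules/other-lib": { version: "2.1.0", dependencies: { "util-b": "^1.0.0" } },
  "node_modules/other-lib/node_modules/util-b": { version: "1.0.1" },
} };

const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Direct dependencies whose declared range is not one exact version.
function unpinned(manifest) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  return Object.entries(deps).filter(([, r]) => !EXACT.test(r)).map(([n, r]) => `${n}@${r}`).sort();
}

// Resolve `name` as seen from the package at `from`: nearest node_modules first, then upward.
function resolve(packages, from, name) {
  let dir = from;
  while (true) {
    const key = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (key in packages) return key;
    if (!dir) return null;
    dir = dir.slice(0, Math.max(dir.lastIndexOf("/node_modules/"), 0));
  }
}

// Lockfile entries pulled in by one direct dependency, excluding the dependency itself.
function transitive(lock, name) {
  const root = resolve(lock.packages, "", name);
  const seen = new Set();
  const stack = [root];
  while (stack.length) {
    const key = stack.pop();
    if (!key || seen.has(key)) continue;
    seen.add(key);
    const entry = lock.packages[key];
    for (const dep of Object.keys({ ...entry.dependencies, ...entry.optionalDependencies }))
      stack.push(resolve(lock.packages, key, dep));
  }
  seen.delete(root);
  return [...seen].sort();
}

console.log(unpinned(MANIFEST), transitive(LOCK, "untrusted-package"));
```

Here untrusted-package is pinned, yet helper-a and util-b are declared with ranges by their parents, so the versions recorded in the lockfile are the ones to audit on every update.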

When you add a new dependency, you should also ensure that its license is compatible with this project. You should also review the licenses of its direct and indirect dependencies.