Move Wiki pages to docs foldes (fixes #808) (#818)

* Replace Release Notes with info about CHANGELOG.md and Releases

* Replace Release Notes with links to CHANGELOG.md and Releases

* Updated Releases (markdown)

* Revert "Updated Releases (markdown)"

This reverts commit b9214fd89cc3cd2238a4f43c3c4bf7ac3c2cc7e9.

* Add instruction to replace @next placeholder

* Move Wiki files to docs folder (fixes #808)

* Apply Prettier formatter to docs

* Update link to Releases doc

* Replace Markdown table format with HTML table

* Add links from removed Releases page to README.md

CONTRIBUTING.md

@@ -69,4 +69,4 @@ You can use `npm start` watcher that will rebuild TS files from `src` before lau
 
 ## Creating a new Release
 
-Refer to the [Releases Wiki Page](https://github.com/Microsoft/tslint-microsoft-contrib/wiki/Releases).
+Refer to the [Releases doc](./docs/Releases.md).

README.md

@@ -1250,3 +1250,7 @@ We recommend you specify exact versions of lint libraries, including `tslint-mic
 ## Development
 
 See [CONTRIBUTING.md](./CONTRIBUTING.md).
+
+## Release notes
+
+Check GitHub [Releases](https://github.com/Microsoft/tslint-microsoft-contrib/releases) for individual release notes or [CHANGELOG.md](./CHANGELOG.md) for full project changelog.

docs/README.md

@@ -0,0 +1,16 @@
+# Welcome to the `tslint-microsoft-contrib` docs!
+
+## General info
+
+-   [TSLint and the Microsoft Security Development Lifecycle](./TSLint-and-the-Microsoft-Security-Development-Lifecycle.md)
+-   [Releases](./Releases.md)
+
+## Detailed info for rules
+
+-   [react-a11y-img-has-alt](./react-a11y-img-has-alt-Rule.md)
+-   [react-a11y-props](./react-a11y-props-Rule.md)
+-   [react-a11y-role-has-required-props](./react-a11y-role-has-required-props-Rule.md)
+-   [react-a11y-role-supports-aria-props](./react-a11y-role-supports-aria-props-Rule.md)
+-   [react-a11y-tabindex-no-positive](./react-a11y-tabindex-no-positive-Rule.md)
+-   [react-ally-role](./react-ally-role-Rule.md)
+-   [react-no-dangerous-html](./react-no-dangerous-html-Rule.md)

docs/Releases.md

@@ -0,0 +1,59 @@
+# Overview
+
+-   The npm package is published by the [Microsoft account](https://www.npmjs.com/~microsoft)
+-   [Directions for publishing](https://opensourcehub.microsoft.com/articles/how-to-publish-npm-package) with the Microsoft Account are available with CORPNET access
+-   Releases are made from the "master" branch and tagged with the format "[version]"
+
+## Prepare the tslint-microsoft-contrib master branch
+
+-   Make sure there are 0 closed issues without a milestone. Assign milestone as needed using [this query](https://github.com/Microsoft/tslint-microsoft-contrib/issues?q=no%3Amilestone%20is%3Aclosed%20)
+-   Close the milestone
+-   Open the next milestone
+-   Update `CHANGELOG.md`. Stable releases should contain list of new changes as well as full list of changes since previous stable release.
+-   Make sure `package.json` and `package-lock.json` contain the version you wish to publish
+-   Update `README.md` to have the correct links and version numbers for new rules (replace `@next` placeholder with next version)
+-   Pull any recent git changes and rebuild:
+
+```shell
+git pull
+npm run test
+```
+
+-   Tag the master branch with the format [version]
+
+```shell
+git tag 0.0.1
+git push --tags
+```
+
+-   Create [release](https://github.com/Microsoft/tslint-microsoft-contrib/releases) for newly pushed tag
+-   Increase the version number in package.json and README.md to the next minor version and push
+
+## Prepare the tslint-microsoft-contrib releases branch
+
+-   Clone the repo again to a new folder:
+
+```shell
+git clone https://github.com/Microsoft/tslint-microsoft-contrib tslint-microsoft-contrib-releases
+```
+
+-   Checkout branch `releases`
+
+```shell
+git checkout releases
+```
+
+-   Replace all files with the contents of `/dist/build` directory created from `master`
+-   Commit and push to remote
+-   tag the releases branch with the format `npm-[version]`
+
+```shell
+git tag npm-2.0.10
+git push --tags
+```
+
+## Publish the Package with the Microsoft npmjs Account
+
+-   Follow the steps at https://docs.opensource.microsoft.com/releasing/build-your-project.html#npm
+    -   Basically just send the email they want and wait a little while
+    -   Include the npmjs.org user ids of all contributors: brndkfr, hamletdrc, dmanesku, joshuakgoldberg

docs/TSLint-and-the-Microsoft-Security-Development-Lifecycle.md

@@ -0,0 +1,120 @@
+The [Security Development Lifecycle (SDL)](https://www.microsoft.com/en-us/sdl/) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost.
+
+Together TypeScript, TSLint, and tslint-microsoft-contrib have automated most of the rules and recommendations made by the MS SDL.
+
+Enable these rules in order to be compliant with the SDL:
+
+<table>
+    <thead>
+    <tr>
+        <th>Rule Name</th>
+        <th>From</th>
+        <th>Description</th>
+    </tr>
+    </thead>
+    <tbody>
+    <tr>
+        <td><code>no-eval</code></td>
+        <td>tslint</td>
+        <td>Do not use the `eval` function or its functional equivalents.</td>
+    </tr>
+    <tr>
+        <td><code>use-strict</code></td>
+        <td>tslint</td>
+        <td>Always enable strict mode when possible.</td>
+    </tr>
+    <tr>
+        <td><code>no-octal-literal</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not use octal literals or escaped octal sequences in strict-mode compatible code.</td>
+    </tr>
+    <tr>
+        <td><code>no-duplicate-parameter-names</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not duplicate parameter names.</td>
+    </tr>
+    <tr>
+        <td><code>no-delete-expression</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not delete expressions.</td>
+    </tr>
+    <tr>
+        <td><code>no-disable-auto-sanitization</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not disable auto-sanitization in frameworks or application helper code.</td>
+    </tr>
+    <tr>
+        <td><code>no-exec-script</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Banned term - `execScript`.</td>
+    </tr>
+    <tr>
+        <td><code>no-string-based-set-timeout</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not use the version of `setTimeout` that accepts code as a string argument. However, it is acceptable to use the version of `setTimeout` where a direct reference to a function is provided as the callback argument.</td>
+    </tr>
+    <tr>
+        <td><code>no-string-based-set-interval</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not use the version of `setInterval` that accepts code as a string argument. However, it is acceptable to use the version of `setInterval` where a direct reference to a function is provided as the callback argument.</td>
+    </tr>
+    <tr>
+        <td><code>no-string-based-set-immediate</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not use the version of `setImmediate` that accepts code as a string argument. However, it is acceptable to use the version of ``setImmediate` where a direct reference to a function is provided as the callback argument.</td>
+    </tr>
+    <tr>
+        <td><code>no-function-constructor-with-string-args</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not use the version of the Function constructor that accepts a string argument to define the body of the function.</td>
+    </tr>
+    <tr>
+        <td><code>no-banned-terms</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not access terms or variables that create ambiguity or are banned in strict mode.</td>
+    </tr>
+    <tr>
+        <td><code>no-reserved-keywords</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not use reserved and future reserved keywords as identifiers.</td>
+    </tr>
+    <tr>
+        <td><code>no-document-domain</code></td>
+        <td>tslint-microsoft-contrib</td>
+        <td>Do not write to `document.domain`. Scripts setting `document.domain` to any value should be validated to ensure that the value is on a list of allowed sites.</td>
+    </tr>
+    </tbody>
+</table>
+
+You will want your tslint ruleset defined similarly to this if you'd like to enable all of these rules:
+
+```json
+{
+    "rules": {
+        "no-banned-terms": true,
+        "no-delete-expression": true,
+        "no-document-domain": true,
+        "no-disable-auto-sanitization": true,
+        "no-duplicate-parameter-names": true,
+        "no-exec-script": true,
+        "no-function-constructor-with-string-args": true,
+        "no-octal-literal": true,
+        "no-reserved-keywords": true,
+        "no-string-based-set-immediate": true,
+        "no-string-based-set-interval": true,
+        "no-string-based-set-timeout": true,
+        "no-eval": true
+    }
+}
+```
+
+There are also some other security related rules that are not specifically part of the SDL. We recommend that you also use these rules:
+
+-   `no-document-write` - Do not use `document.write` (because it accepts unsanitized input)
+-   `no-http-string` – It can cause an http connection without TLS thus allowing a cookie stealing attack
+-   `no-inner-html` - Do not write values to `innerHTML`, `outerHTML`, or set HTML using the JQuery `html()` function
+-   `react-no-dangerous-html` - Do not use React's `dangerouslySetInnerHTML` API (because it accepts unsanitized input)
+
+Additionally, some [tsc compiler options](https://www.typescriptlang.org/docs/handbook/compiler-options.html) should be enabled:
+
+-   `--alwaysStrict` - Parse in strict mode and emit `"use strict"` for each source file

react-a11y-img-has-alt-Rule.md → docs/react-a11y-img-has-alt-Rule.md

@@ -1,11 +1,11 @@
 # react-a11y-img-has-alt
 
-Enforce that an `img` element contains the `alt` attribute. For decorative images, using empty alt attribute and role="presentation". All images must have `alt` text to convey their purpose and meaning to **screen reader users**.
+Enforce that an `img` element contains the `alt` attribute. For decorative images, using empty `alt` attribute and `role="presentation"`. All images must have `alt` text to convey their purpose and meaning to **screen reader users**.
 Besides, the `alt` attribute specifies an alternate text for an image, if the image cannot be displayed.
 
 ## References
 
-- [presentation (role)](https://www.w3.org/TR/wai-aria-1.1/#presentation)
+-   [presentation (role)](https://www.w3.org/TR/wai-aria-1.1/#presentation)
 
 ## Rule options
 
@@ -32,13 +32,14 @@ public render(): JSX.Element {
 }
 
 ```
+
 To make this plugin check your `Image` element, specify the following configuration in your `tslint.json` file:
 
 ```json
 {
-  "rules": {
-    "a11y-img-has-alt": [true, ["Image"]]
-  }
+    "rules": {
+        "a11y-img-has-alt": [true, ["Image"]]
+    }
 }
 ```