Ship LICENSE.md in package and add SECURITY.md #133

Merged: omgovich merged 1 commit into master from fix/license-and-security, May 23, 2026
@omgovich (Owner) commented May 22, 2026

Summary

Test plan

  • npm pack --dry-run lists LICENSE.md in the tarball contents
  • SECURITY.md renders on the repo's Security tab and the "Report a vulnerability" link resolves

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings May 22, 2026 23:50

Copilot AI left a comment

Pull request overview

This PR improves package/distribution metadata and security reporting guidance by ensuring the project’s license file is explicitly included in the published npm tarball and by adding a GitHub-native security policy document.

Changes:

  • Add LICENSE.md to package.json#files so it’s included in the published package (improves SBOM/license detection).
  • Add SECURITY.md with instructions to report vulnerabilities via GitHub private vulnerability reporting.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| SECURITY.md | Adds a security policy and private vulnerability reporting link. |
| package.json | Explicitly includes LICENSE.md in the npm publish whitelist. |
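
The effect of the package.json `files` change described in this review can be checked mechanically from the output of `npm pack --dry-run --json`. The following is an added example, not code from the pull request or the project; the function name, package name and sizes are hypothetical, and the sample outputs are constructed.

```javascript
// Added example: audit `npm pack --dry-run --json` output for required files.
// That command prints an array with one object per packed package; each
// object carries a `files` list of { path, size, mode } entries.

// Returns [{ name, missing: [...] }] for every package whose tarball lacks
// one of the `required` paths. An empty array means everything is shipped.
function auditTarball(packJsonText, required) {
  const report = JSON.parse(packJsonText);
  if (!Array.isArray(report) || report.length === 0) {
    throw new Error("expected a non-empty array from npm pack --json");
  }
  const findings = [];
  for (const pkg of report) {
    // Compare case-insensitively so a differently-cased name still counts.
    const shipped = new Set(
      (pkg.files || []).map((f) => String(f.path).toLowerCase())
    );
    const missing = required.filter((p) => !shipped.has(p.toLowerCase()));
    if (missing.length > 0) findings.push({ name: pkg.name, missing });
  }
  return findings;
}

// Constructed sample outputs (hypothetical package name and sizes).
const withoutLicense = JSON.stringify([
  { name: "example-pkg", version: "0.0.0", files: [
    { path: "package.json", size: 900, mode: 420 },
    { path: "dist/index.js", size: 2090, mode: 420 },
  ] },
]);
const withLicense = JSON.stringify([
  { name: "example-pkg", version: "0.0.0", files: [
    { path: "LICENSE.md", size: 1070, mode: 420 },
    { path: "package.json", size: 915, mode: 420 },
    { path: "dist/index.js", size: 2090, mode: 420 },
  ] },
]);

console.log(auditTarball(withoutLicense, ["LICENSE.md"]));
console.log(auditTarball(withLicense, ["LICENSE.md"]));
```

In CI, pass the real command output to `auditTarball` and fail the job when the returned array is non-empty.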

Comment thread SECURITY.md
- Add LICENSE.md to the package.json `files` array so SBOM tooling can
  detect the license in the published tarball (closes #128).
- Add SECURITY.md pointing to GitHub's private vulnerability reporting
  form for responsible disclosure (closes #108).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@omgovich omgovich force-pushed the fix/license-and-security branch from b813858 to 0588955 May 23, 2026 00:21
@codecov

codecov Bot commented May 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (62b32e1) to head (0588955).

Additional details and impacted files
@@            Coverage Diff            @@
##            master      #133   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           41        41           
  Lines          622       622           
  Branches       115       140   +25     
=========================================
  Hits           622       622           

@github-actions

Size Change: 0 B

Total Size: 11.5 kB

Unchanged files:

| Filename | Size |
| --- | --- |
| dist/index.js | 2.09 kB |
| dist/plugins/a11y.js | 463 B |
| dist/plugins/cmyk.js | 717 B |
| dist/plugins/harmonies.js | 231 B |
| dist/plugins/hwb.js | 897 B |
| dist/plugins/lab.js | 1.55 kB |
| dist/plugins/lch.js | 1.44 kB |
| dist/plugins/minify.js | 632 B |
| dist/plugins/mix.js | 1.07 kB |
| dist/plugins/names.js | 1.54 kB |
| dist/plugins/xyz.js | 839 B |

compressed-size-action

@omgovich omgovich self-assigned this May 23, 2026
@omgovich omgovich merged commit e1431b6 into master May 23, 2026
9 checks passed
@omgovich omgovich deleted the fix/license-and-security branch May 23, 2026 00:25

Successfully merging this pull request may close these issues.

  • Missing LICENSE.md file on shipped package
  • Create SECURITY.md
