A GitHub repository template for Open Source JavaScript libraries (ESM) following best practices.
- Linting & formatting with ESLint & Prettier
- Testing with Jest
- Automated dependency updates with Renovate Bot
- Conventional commits with commitlint
- Automated version management, changelog generation and package publishing with semantic-release
- Code Quality, Security and Coverage with SonarCloud
- Security score with OSSF Scorecard
- Issues/PR templates, code of conduct, contributing docs & security policy
- create your repository from this template.
- find and replace those variables with the correct values:

| Variable | Description |
|---|---|
| {{PACKAGE_NAME}} | npm package name |
| {{SHORT_DESCRIPTION}} | short description of your library |
| {{REPOSITORY_OWNER}} | GitHub account owning the repository |
| {{REPOSITORY_NAME}} | repository name |
| {{DISCORD_SERVER_ID}} | ID of your Discord community server |
| {{DISCORD_SERVER_URL}} | invite URL for your Discord community server |
| {{AUTHOR_NAME}} | author's name |
| {{AUTHOR_EMAIL}} | author's email |
| {{AUTHOR_GITHUB_USERNAME}} | author's GitHub account username |
| {{COPYRIGHT_OWNER}} | owner of the copyright |
| {{COPYRIGHT_YEAR}} | year of first publication |
| {{CODEOWNER}} | GitHub user or team for CODEOWNERS (without leading `@`) |
| {{SONARCLOUD_PROJECT_KEY}} | SonarCloud project key |
| {{SONARCLOUD_ORG_KEY}} | SonarCloud organization key |
| {{SECURITY_POLICY_EMAIL}} | email that should be used to report security vulnerabilities |
| {{SECURITY_POLICY_PGP_FINRGERPRINT}} | fingerprint of the PGP key that should be used to report security vulnerabilities |
| {{SECURITY_POLICY_PGP_KEYSERVER}} | keyserver hosting your PGP key (e.g. `keyserver.ubuntu.com`) |
| {{SECURITY_POLICY_PGP_URL}} | full URL to access your PGP key on the keyserver (e.g. `https://keyserver.ubuntu.com/pks/lookup?search=0x...&fingerprint=on&op=index`) |

- add some keywords in `package.json`.
- create and add the workflows secrets:
  - create a GitHub fine-grained token for the release pipeline and add it to your repository secrets as `CI_GITHUB_TOKEN`.
  - create an npm granular token for the package and add it to your repository secrets as `NPM_TOKEN`.
  - create a GitHub token for OSSF ScoreCard and add it to your repository secrets as `SCORECARD_GITHUB_TOKEN`.
  - create a SonarCloud token and add it to your repository secrets as `SONAR_TOKEN`.
- add the Renovate app to your repository.
- add the Step Security app to your repository.
- download and import these two rulesets to your repository.
- make sure you enabled your Discord server's widget.
- if your library is a development dependency, add `--save-dev` or `-D` to the Installation section.
- run `npm run lint:fix`.
- remove the `---` below and everything above it, commit changes, and you're good to go 🚀
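
A check for the find-and-replace step above, as an added example that is not part of the template: it reports every `{{UPPER_SNAKE_CASE}}` token still present, so the security policy is not published with a placeholder reporting address or PGP fingerprint. The names `findPlaceholders`, `scanFiles`, `scanRepo` and the sample file contents are constructed for illustration.

```javascript
// Added example: flags template placeholders such as {{PACKAGE_NAME}} that
// were never replaced. Function names and sample files are constructed.

// Matches {{UPPER_SNAKE_CASE}} but not GitHub Actions expressions (${{ ... }}).
// Matching the shape, not a fixed list, also catches misspelled variable names.
const PLACEHOLDER = /(?<!\$)\{\{([A-Z][A-Z0-9_]*)\}\}/g;

// Return [{ name, line }] for every placeholder left in one file's text.
function findPlaceholders(text) {
  const hits = [];
  text.split(/\r?\n/).forEach((lineText, index) => {
    for (const match of lineText.matchAll(PLACEHOLDER)) {
      hits.push({ name: match[1], line: index + 1 });
    }
  });
  return hits;
}

// Scan a { path: content } map; return sorted "path:line NAME" strings.
function scanFiles(files) {
  return Object.entries(files)
    .flatMap(([path, text]) =>
      findPlaceholders(text).map((hit) => `${path}:${hit.line} ${hit.name}`))
    .sort();
}

// Read a working tree from disk (skipping .git and node_modules) and scan it.
async function scanRepo(rootDir) {
  const { readdir, readFile } = await import('node:fs/promises');
  const { join } = await import('node:path');
  const files = {};
  const walk = async (dir) => {
    for (const entry of await readdir(dir, { withFileTypes: true })) {
      if (entry.name === '.git' || entry.name === 'node_modules') continue;
      const full = join(dir, entry.name);
      if (entry.isDirectory()) await walk(full);
      else if (entry.isFile()) files[full] = await readFile(full, 'utf8');
    }
  };
  await walk(rootDir);
  return scanFiles(files);
}

// Constructed sample: a half-filled security policy and a workflow file.
const sample = {
  'SECURITY.md': 'Report to {{SECURITY_POLICY_EMAIL}}\nKey: {{SECURITY_POLICY_PGP_FINRGERPRINT}}',
  '.github/workflows/release.yml': 'token: ${{ secrets.NPM_TOKEN }}\nenv: ${{NPM_TOKEN}}',
  'package.json': '{ "name": "my-lib" }',
};
console.log(scanFiles(sample));
```

Run `scanRepo('.')` after the replacement step and before the first commit; an empty array means no template variable is left.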
{{SHORT_DESCRIPTION}}
npm install {{PACKAGE_NAME}}
Join the Discord server! Here you can discuss issues and get help in a more casual forum than GitHub.
This project is looking for help! If you're interested in helping with the project, please take a look at our contributing documentation.
Please have a look at our contributing documentation, it contains all the information you need to know before submitting an issue.