Merge pull request #153 from NodeSecure/maintenance

fraxken · web-flow · commit f78a8624130f · 2023-01-18T18:34:29.000+01:00
Adding security policy and updating badges
diff --git a/README.md b/README.md
@@ -1,16 +1,18 @@
 # Gitlab
-![version](https://img.shields.io/badge/dynamic/json.svg?url=https://raw.githubusercontent.com/NodeSecure/gitlab/master/package.json&query=$.version&label=Version)
-[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/NodeSecure/gitlab/commit-activity)
+
+![version](https://img.shields.io/badge/dynamic/json.svg?style=for-the-badge&url=https://raw.githubusercontent.com/NodeSecure/gitlab/master/package.json&query=$.version&label=Version)
+[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg?style=for-the-badge)](https://github.com/NodeSecure/gitlab/commit-activity)
 [![OpenSSF
-Scorecard](https://api.securityscorecards.dev/projects/github.com/NodeSecure/gitlab/badge)](https://api.securityscorecards.dev/projects/github.com/NodeSecure/gitlab)
-![MIT](https://img.shields.io/github/license/mashape/apistatus.svg)
-![size](https://img.shields.io/github/repo-size/NodeSecure/gitlab)
-![known vulnerabilities](https://img.shields.io/snyk/vulnerabilities/github/NodeSecure/gitlab)
-![build](https://img.shields.io/github/actions/workflow/status/NodeSecure/gitlab/node.js.yml)
+Scorecard](https://api.securityscorecards.dev/projects/github.com/NodeSecure/gitlab/badge?style=for-the-badge)](https://api.securityscorecards.dev/projects/github.com/NodeSecure/gitlab)
+![MIT](https://img.shields.io/github/license/mashape/apistatus.svg?style=for-the-badge)
+![size](https://img.shields.io/github/repo-size/NodeSecure/gitlab?style=for-the-badge)
+![known vulnerabilities](https://img.shields.io/snyk/vulnerabilities/github/NodeSecure/gitlab?style=for-the-badge)
+![build](https://img.shields.io/github/actions/workflow/status/NodeSecure/gitlab/node.js.yml?style=for-the-badge)
 
 Download and (optionaly) extract gitlab repository archive.
 
 ## Requirements
+
 - [Node.js](https://nodejs.org/en/) v16 or higher
 
 ## Getting Started
@@ -24,6 +26,7 @@ $ yarn add @nodesecure/gitlab
 ```
 
 ## Usage example
+
 ```js
 import * as gitlab from "@nodesecure/gitlab";
 
@@ -33,6 +36,7 @@ console.log(is.location);
 ```
 
 ## API
+
 ```ts
 export interface DownloadOptions {
   /**
@@ -63,7 +67,7 @@ export type ExtractOptions = DownloadOptions & {
    * @default true
    */
   removeArchive?: boolean;
-}
+};
 
 export interface DownloadResult {
   /** Archive or repository location on disk */
@@ -76,13 +80,20 @@ export interface DownloadResult {
   branch: string;
 }
 
-export function download(repo: string, options?: DownloadOptions): Promise<DownloadResult>;
-export function downloadAndExtract(repo: string, options?: ExtractOptions): Promise<DownloadResult>;
+export function download(
+  repo: string,
+  options?: DownloadOptions
+): Promise<DownloadResult>;
+export function downloadAndExtract(
+  repo: string,
+  options?: ExtractOptions
+): Promise<DownloadResult>;
 export function setToken(gitlabToken: string): void;
 export function setUrl(gitlabUrl: string | URL): void;
 ```
 
 ### Private repositories
+
 To work with private repositories you can either setup a `GITLAB_TOKEN` system variable or use `setToken` method:
 
 ```js
@@ -92,6 +103,7 @@ gitlab.setToken("...");
 ```
 
 ### Custom gitlab URL
+
 To work with a custom gitlab instance you can either setup a `GITLAB_URL` system variable or use `setUrl` method:
 
 ```js
@@ -103,7 +115,9 @@ gitlab.setUrl("...");
 ## Contributors ✨
 
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
+
 [![All Contributors](https://img.shields.io/badge/all_contributors-3-orange.svg?style=flat-square)](#contributors-)
+
 <!-- ALL-CONTRIBUTORS-BADGE:END -->
 
 Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
@@ -125,4 +139,5 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
 <!-- ALL-CONTRIBUTORS-LIST:END -->
 
 ## License
+
 MIT
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,5 @@
+# Reporting Security Issues
+
+To report a security issue, please [publish a private security advisory](https://github.com/NodeSecure/gitlab/security/advisories) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+
+Our vulnerability management team will respond within one week. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.
