@ealforque/sequelize-field-parser 1.0.5 → 1.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +13 -0
- package/SECURITY.md +16 -0
- package/package.json +22 -18
package/README.md
CHANGED
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
|
|
4
4
|
|
|
5
|
+
|
|
6
|
+
[](https://badge.socket.dev/npm/package/@ealforque/sequelize-field-parser)
|
|
5
7
|
|
|
6
8
|
## Description
|
|
7
9
|
|
|
@@ -225,3 +227,14 @@ Warning: FieldParserService: Association alias 'profile' does not exist in model
|
|
|
225
227
|
}
|
|
226
228
|
*/
|
|
227
229
|
```
|
|
230
|
+
|
|
231
|
+
## Supply Chain Security
|
|
232
|
+
|
|
233
|
+
This package runs `npm audit` in its CI workflow to check for vulnerabilities in dependencies before publishing. Automated dependency updates and vulnerability checks are enabled for maximum supply chain security.
|
|
234
|
+
|
|
235
|
+
Example GitHub Actions step:
|
|
236
|
+
|
|
237
|
+
```yaml
|
|
238
|
+
- name: Audit dependencies
|
|
239
|
+
run: npm audit --audit-level=high
|
|
240
|
+
```
|
package/SECURITY.md
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Reporting a Vulnerability
|
|
4
|
+
|
|
5
|
+
If you discover a security vulnerability in this package, please report it by opening an issue or emailing the maintainer at ealforque@gmail.com. Do not disclose security issues publicly until they have been reviewed and patched.
|
|
6
|
+
|
|
7
|
+
## Supply Chain Security Practices
|
|
8
|
+
|
|
9
|
+
- All dependencies are audited in CI using `npm audit --audit-level=high`.
|
|
10
|
+
- Automated dependency updates are enabled via Dependabot.
|
|
11
|
+
- Only trusted and maintained dependencies are used.
|
|
12
|
+
- Two-factor authentication is enabled for publishing.
|
|
13
|
+
|
|
14
|
+
## Responsible Disclosure
|
|
15
|
+
|
|
16
|
+
We appreciate responsible disclosure and will respond promptly to any security reports.
|
package/package.json
CHANGED
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ealforque/sequelize-field-parser",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.7",
|
|
4
4
|
"main": "dist/field_parser.service.js",
|
|
5
5
|
"types": "dist/field_parser.service.d.ts",
|
|
6
6
|
"files": [
|
|
7
|
-
"dist"
|
|
7
|
+
"dist",
|
|
8
|
+
"package-lock.json",
|
|
9
|
+
"README.md",
|
|
10
|
+
"SECURITY.md"
|
|
8
11
|
],
|
|
9
12
|
"scripts": {
|
|
10
13
|
"build": "rm -rf dist && tsc",
|
|
@@ -17,22 +20,23 @@
|
|
|
17
20
|
"access": "public"
|
|
18
21
|
},
|
|
19
22
|
"dependencies": {
|
|
20
|
-
"sequelize": "
|
|
23
|
+
"sequelize": "6.0.0"
|
|
21
24
|
},
|
|
22
25
|
"devDependencies": {
|
|
23
|
-
"@types/jest": "
|
|
24
|
-
"eslint": "
|
|
25
|
-
"eslint-config-prettier": "
|
|
26
|
-
"eslint-plugin-import": "
|
|
27
|
-
"eslint-plugin-simple-import-sort": "
|
|
28
|
-
"http-status-codes": "
|
|
29
|
-
"jest": "
|
|
30
|
-
"prettier": "
|
|
31
|
-
"sequelize-cli": "
|
|
32
|
-
"supertest": "
|
|
33
|
-
"ts-jest": "
|
|
34
|
-
"ts-node": "
|
|
35
|
-
"typescript": "
|
|
36
|
-
"typescript-eslint": "
|
|
37
|
-
}
|
|
26
|
+
"@types/jest": "29.5.14",
|
|
27
|
+
"eslint": "9.26.0",
|
|
28
|
+
"eslint-config-prettier": "10.1.3",
|
|
29
|
+
"eslint-plugin-import": "2.31.0",
|
|
30
|
+
"eslint-plugin-simple-import-sort": "12.1.1",
|
|
31
|
+
"http-status-codes": "2.3.0",
|
|
32
|
+
"jest": "29.7.0",
|
|
33
|
+
"prettier": "3.5.3",
|
|
34
|
+
"sequelize-cli": "6.6.2",
|
|
35
|
+
"supertest": "7.1.0",
|
|
36
|
+
"ts-jest": "29.3.2",
|
|
37
|
+
"ts-node": "10.9.2",
|
|
38
|
+
"typescript": "5.8.3",
|
|
39
|
+
"typescript-eslint": "8.32.0"
|
|
40
|
+
},
|
|
41
|
+
"license": "MIT"
|
|
38
42
|
}
|