ep_helmet 11.0.21 → 11.0.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -23,7 +23,7 @@ jobs:
|
|
|
23
23
|
# OIDC trusted publishing needs npm >= 11.5.1, which requires
|
|
24
24
|
# Node >= 20.17.0. setup-node's `20` resolves to the latest
|
|
25
25
|
# 20.x, which satisfies that.
|
|
26
|
-
node-version:
|
|
26
|
+
node-version: 25
|
|
27
27
|
registry-url: https://registry.npmjs.org/
|
|
28
28
|
- name: Upgrade npm to >=11.5.1 (required for trusted publishing)
|
|
29
29
|
run: npm install -g npm@latest
|
package/AGENTS.md
ADDED
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
# Agent Guide — ep_helmet
|
|
2
|
+
|
|
3
|
+
Adds Security headers to Etherpad Express responses, including CSP(content security policy), and x-frame-origin, useful for if you embed Etherpad in an iFrame.
|
|
4
|
+
|
|
5
|
+
## Tech stack
|
|
6
|
+
|
|
7
|
+
* Etherpad plugin framework (hooks declared in `ep.json`)
|
|
8
|
+
|
|
9
|
+
## Project structure
|
|
10
|
+
|
|
11
|
+
```
|
|
12
|
+
ep_helmet/
|
|
13
|
+
├── AGENTS.md
|
|
14
|
+
├── CONTRIBUTING.md
|
|
15
|
+
├── LICENSE.md
|
|
16
|
+
├── ep.json
|
|
17
|
+
├── expressConfigure.js
|
|
18
|
+
├── package.json
|
|
19
|
+
├── static/
|
|
20
|
+
│ ├── tests/
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
## Helpers used
|
|
24
|
+
|
|
25
|
+
_None — `ep_plugin_helpers` is not a dependency. Adoption is part of the helpers-adoption sweep (Phase 4)._
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
## Helpers NOT used
|
|
29
|
+
|
|
30
|
+
_To be audited in the helpers-adoption sweep (Phase 4)._
|
|
31
|
+
|
|
32
|
+
|
|
33
|
+
## Running tests locally
|
|
34
|
+
|
|
35
|
+
`ep_helmet` runs inside Etherpad's test harness. From an etherpad checkout that has installed this plugin via `pnpm run plugins i --path ../ep_helmet`:
|
|
36
|
+
|
|
37
|
+
```bash
|
|
38
|
+
# Backend (Mocha) — harness boots its own server
|
|
39
|
+
pnpm --filter ep_etherpad-lite run test
|
|
40
|
+
|
|
41
|
+
# Playwright — needs `pnpm run dev` in a second terminal
|
|
42
|
+
pnpm --filter ep_etherpad-lite run test-ui
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
## Standing rules for agent edits
|
|
46
|
+
|
|
47
|
+
* PRs target `main`. Linear commits, no merge commits.
|
|
48
|
+
* Every bug fix includes a regression test in the same commit.
|
|
49
|
+
* All user-facing strings in `locales/`. No hardcoded English in templates.
|
|
50
|
+
* No hardcoded `aria-label` on icon-only controls — etherpad's html10n auto-populates `aria-label` from the localized string when (a) the element has a `data-l10n-id` and (b) no author-supplied `aria-label` is present. Adding a hardcoded English `aria-label` blocks that and leaves it untranslated. (See `etherpad-lite/src/static/js/vendors/html10n.ts:665-678`.)
|
|
51
|
+
* No nested interactive elements (no `<button>` inside `<a>`).
|
|
52
|
+
* LLM/Agent contributions are explicitly welcomed by maintainers.
|
|
53
|
+
|
|
54
|
+
## Quick reference: hooks declared in `ep.json`
|
|
55
|
+
|
|
56
|
+
* Server: `expressConfigure`
|
|
57
|
+
|
|
58
|
+
When adding a hook, register it in both `ep.json` *and* the matching `exports.<hook> = ...` in the JS file.
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"description": "Adds Security headers to Etherpad Express responses, including CSP(content security policy), and x-frame-origin, useful for if you embed Etherpad in an iFrame",
|
|
3
3
|
"name": "ep_helmet",
|
|
4
|
-
"version": "11.0.
|
|
4
|
+
"version": "11.0.23",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "John McLear",
|
|
7
7
|
"email": "john@mclear.co.uk"
|