npq 3.19.6 → 3.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -257,6 +257,10 @@ When auto-continue is disabled, npq will always prompt for explicit confirmation
257
257
 
258
258
  * This is not telemetry. NPQ does not collect any usage data. When auditing a package, NPQ fetches the maintainers/authors of the dependency and checks their email addresses to verify they are valid and not associated with expired domains. Expired domains can be abused by attackers for account takeover (ATO) attacks to compromise packages with malicious versions. Hence, NPQ may make DNS requests to domains like `gmail.com` or personal domains found in maintainer emails. Additionally, NPQ makes HTTP requests to `osv.dev` to fetch security vulnerability data (or uses Snyk if configured, as a prioritized option).
259
259
 
260
+ ## Documentation
261
+
262
+ - [Project documentation](./docs/README.md) - development, testing, architecture, and conventions.
263
+
260
264
  ## Contributing
261
265
 
262
266
  Please consult the [CONTRIBUTING](CONTRIBUTING.md) for guidelines on contributing to this project