svger-cli 2.0.5 → 2.0.6
- package/.svgerconfig.example.json +119 -119
- package/CHANGELOG.md +155 -63
- package/DEVELOPMENT.md +352 -352
- package/LICENSE +20 -20
- package/README.md +2654 -2132
- package/SECURITY.md +68 -68
- package/bin/svg-tool.js +2 -2
- package/dist/core/framework-templates.js +285 -285
- package/dist/core/style-compiler.js +201 -201
- package/dist/core/template-manager.js +348 -348
- package/dist/services/svg-service.js +12 -12
- package/dist/templates/ComponentTemplate.js +17 -17
- package/docs/ADR-SVG-INTRGRATION-METHODS-001.adr.md +157 -157
- package/docs/ADR-SVG-INTRGRATION-METHODS-002.adr.md +549 -549
- package/docs/FRAMEWORK-GUIDE.md +768 -768
- package/docs/IMPLEMENTATION-SUMMARY.md +376 -376
- package/package.json +177 -179
package/SECURITY.md
CHANGED
|
@@ -1,69 +1,69 @@
|
|
|
1
|
-
# Security Policy
|
|
2
|
-
|
|
3
|
-
## Supported Versions
|
|
4
|
-
|
|
5
|
-
We actively support the following versions of SVGER-CLI with security updates:
|
|
6
|
-
|
|
7
|
-
| Version | Supported |
|
|
8
|
-
| ------- | ------------------ |
|
|
9
|
-
| 2.0.x | :white_check_mark: |
|
|
10
|
-
| 1.x.x | :x: |
|
|
11
|
-
|
|
12
|
-
## Reporting a Vulnerability
|
|
13
|
-
|
|
14
|
-
We take the security of SVGER-CLI seriously. If you discover a security vulnerability, please follow these guidelines:
|
|
15
|
-
|
|
16
|
-
### How to Report
|
|
17
|
-
|
|
18
|
-
1. **DO NOT** create a public GitHub issue for security vulnerabilities
|
|
19
|
-
2. Send an email to **faezemohades@gmail.com** with the subject line: `[SECURITY] SVGER-CLI Vulnerability Report`
|
|
20
|
-
3. Include the following information:
|
|
21
|
-
- Description of the vulnerability
|
|
22
|
-
- Steps to reproduce the issue
|
|
23
|
-
- Potential impact
|
|
24
|
-
- Suggested fix (if any)
|
|
25
|
-
- Your contact information
|
|
26
|
-
|
|
27
|
-
### What to Expect
|
|
28
|
-
|
|
29
|
-
- **Acknowledgment**: We will acknowledge receipt of your report within 24 hours
|
|
30
|
-
- **Assessment**: We will assess the vulnerability within 72 hours
|
|
31
|
-
- **Updates**: We will provide regular updates on our progress
|
|
32
|
-
- **Resolution**: Critical vulnerabilities will be patched within 7 days, others within 30 days
|
|
33
|
-
|
|
34
|
-
### Security Best Practices for Users
|
|
35
|
-
|
|
36
|
-
When using SVGER-CLI in your projects:
|
|
37
|
-
|
|
38
|
-
1. **Keep Updated**: Always use the latest version
|
|
39
|
-
2. **Validate Input**: Ensure SVG files come from trusted sources
|
|
40
|
-
3. **Review Output**: Inspect generated components before deploying
|
|
41
|
-
4. **File Permissions**: Use appropriate file permissions for generated components
|
|
42
|
-
5. **CI/CD Security**: Secure your build pipelines that use SVGER-CLI
|
|
43
|
-
|
|
44
|
-
### Security Features
|
|
45
|
-
|
|
46
|
-
SVGER-CLI includes several security features:
|
|
47
|
-
|
|
48
|
-
- **Zero Dependencies**: Eliminates third-party vulnerability vectors
|
|
49
|
-
- **Input Validation**: Validates SVG content before processing
|
|
50
|
-
- **Sandboxed Processing**: Processes files in isolated contexts
|
|
51
|
-
- **Safe Output Generation**: Generates safe, sanitized component code
|
|
52
|
-
- **File Locking**: Prevents unauthorized modification of protected files
|
|
53
|
-
|
|
54
|
-
### Disclosure Policy
|
|
55
|
-
|
|
56
|
-
- We believe in responsible disclosure
|
|
57
|
-
- We will credit security researchers who report vulnerabilities responsibly
|
|
58
|
-
- We may create a security advisory for significant vulnerabilities
|
|
59
|
-
- We will notify users through our release notes and GitHub security advisories
|
|
60
|
-
|
|
61
|
-
## Contact
|
|
62
|
-
|
|
63
|
-
For any security-related questions or concerns:
|
|
64
|
-
|
|
65
|
-
- **Primary Contact**: faezemohades@gmail.com
|
|
66
|
-
- **Alternative Contact**: navidrezadoost07@gmail.com
|
|
67
|
-
- **PGP Key**: Available upon request
|
|
68
|
-
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Supported Versions
|
|
4
|
+
|
|
5
|
+
We actively support the following versions of SVGER-CLI with security updates:
|
|
6
|
+
|
|
7
|
+
| Version | Supported |
|
|
8
|
+
| ------- | ------------------ |
|
|
9
|
+
| 2.0.x | :white_check_mark: |
|
|
10
|
+
| 1.x.x | :x: |
|
|
11
|
+
|
|
12
|
+
## Reporting a Vulnerability
|
|
13
|
+
|
|
14
|
+
We take the security of SVGER-CLI seriously. If you discover a security vulnerability, please follow these guidelines:
|
|
15
|
+
|
|
16
|
+
### How to Report
|
|
17
|
+
|
|
18
|
+
1. **DO NOT** create a public GitHub issue for security vulnerabilities
|
|
19
|
+
2. Send an email to **faezemohades@gmail.com** with the subject line: `[SECURITY] SVGER-CLI Vulnerability Report`
|
|
20
|
+
3. Include the following information:
|
|
21
|
+
- Description of the vulnerability
|
|
22
|
+
- Steps to reproduce the issue
|
|
23
|
+
- Potential impact
|
|
24
|
+
- Suggested fix (if any)
|
|
25
|
+
- Your contact information
|
|
26
|
+
|
|
27
|
+
### What to Expect
|
|
28
|
+
|
|
29
|
+
- **Acknowledgment**: We will acknowledge receipt of your report within 24 hours
|
|
30
|
+
- **Assessment**: We will assess the vulnerability within 72 hours
|
|
31
|
+
- **Updates**: We will provide regular updates on our progress
|
|
32
|
+
- **Resolution**: Critical vulnerabilities will be patched within 7 days, others within 30 days
|
|
33
|
+
|
|
34
|
+
### Security Best Practices for Users
|
|
35
|
+
|
|
36
|
+
When using SVGER-CLI in your projects:
|
|
37
|
+
|
|
38
|
+
1. **Keep Updated**: Always use the latest version
|
|
39
|
+
2. **Validate Input**: Ensure SVG files come from trusted sources
|
|
40
|
+
3. **Review Output**: Inspect generated components before deploying
|
|
41
|
+
4. **File Permissions**: Use appropriate file permissions for generated components
|
|
42
|
+
5. **CI/CD Security**: Secure your build pipelines that use SVGER-CLI
|
|
43
|
+
|
|
44
|
+
### Security Features
|
|
45
|
+
|
|
46
|
+
SVGER-CLI includes several security features:
|
|
47
|
+
|
|
48
|
+
- **Zero Dependencies**: Eliminates third-party vulnerability vectors
|
|
49
|
+
- **Input Validation**: Validates SVG content before processing
|
|
50
|
+
- **Sandboxed Processing**: Processes files in isolated contexts
|
|
51
|
+
- **Safe Output Generation**: Generates safe, sanitized component code
|
|
52
|
+
- **File Locking**: Prevents unauthorized modification of protected files
|
|
53
|
+
|
|
54
|
+
### Disclosure Policy
|
|
55
|
+
|
|
56
|
+
- We believe in responsible disclosure
|
|
57
|
+
- We will credit security researchers who report vulnerabilities responsibly
|
|
58
|
+
- We may create a security advisory for significant vulnerabilities
|
|
59
|
+
- We will notify users through our release notes and GitHub security advisories
|
|
60
|
+
|
|
61
|
+
## Contact
|
|
62
|
+
|
|
63
|
+
For any security-related questions or concerns:
|
|
64
|
+
|
|
65
|
+
- **Primary Contact**: faezemohades@gmail.com
|
|
66
|
+
- **Alternative Contact**: navidrezadoost07@gmail.com
|
|
67
|
+
- **PGP Key**: Available upon request
|
|
68
|
+
|
|
69
69
|
Thank you for helping keep SVGER-CLI secure!
|
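Review bot: lines 1 to 68 of SECURITY.md are removed and re-added with the same visible text, so this hunk has no reviewable wording change and most likely reflects a line-ending or whitespace rewrite. The file list shows the same equal added and removed counts for most other files (for example `package/LICENSE +20 -20`). If that is the intent, state it in the changelog and pin line endings (for instance with a `.gitattributes` rule) so that a real policy edit in a later release is not buried in a full-file rewrite. On the carried-over content: the reporting channel is a personal mailbox, and `- **PGP Key**: Available upon request` gives a reporter no way to verify a key before sending vulnerability details. Publishing the key fingerprint in this file, or pointing to a private advisory channel on the hosting platform, would close that gap.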
package/bin/svg-tool.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
#!/usr/bin/env node
|
|
2
|
-
import("../dist/cli.js");
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
import("../dist/cli.js");
|
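Review bot: both lines of bin/svg-tool.js are removed and re-added with identical visible text, so the difference is in bytes the diff does not show, and on line 1 that matters. If `#!/usr/bin/env node` ends in a carriage return, POSIX systems look up an interpreter name that includes the trailing character and the CLI fails to start, so confirm the published file uses LF endings. Separately, `import("../dist/cli.js");` leaves the returned promise unhandled; adding a `.catch` that prints the error and sets a non-zero exit code would make a load failure explicit.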