This repository has been archived by the owner on Mar 13, 2024. It is now read-only.

Add note about maintenance status
+ tweak some spelling
voxpelli committed Jul 29, 2019
1 parent 864e899 commit b391c4d
Showing 2 changed files with 5 additions and 3 deletions.
2 changes: 1 addition & 1 deletion SECURITY.md
Expand Up @@ -15,6 +15,6 @@ Send an e-mail to the maintainers, eg. @voxpelli through pelle@kodfabrik.se Star

The maintainers will get back to you as soon as possible and work with you to evaluate and handle the vulnerability.

As none of the maintainers have maintenance commitance for this module as part of their day jobs, no promises can be made in how fast a fix can be made.
As none of the maintainers are maintaining this module as part of their day jobs, no promises can be made in how fast a fix can be made.

Whenever feasible a patch version fixing the security vulnerability will be released and the reporting user, unless it wishes to stay anonymous, will be credited for their contribution.
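Review bot: the rewritten sentence in SECURITY.md still reads awkwardly at "no promises can be made in how fast a fix can be made", repeating "can be made" and using "in" where "about" is meant. Something like "no promises can be made about how quickly a fix will be released" would be clearer for a reporter trying to judge the expected response time. Since this commit is already tweaking wording, the context line "unless it wishes to stay anonymous, will be credited for their contribution" also mixes "it" and "their" for the reporting user and could be aligned to "unless they wish".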
6 changes: 4 additions & 2 deletions readme.md
Expand Up @@ -9,20 +9,22 @@ checks which modules you have used in your code and then makes sure they are lis

[![js-standard-style](https://cdn.rawgit.com/feross/standard/master/badge.svg)](https://github.com/feross/standard)

## requirements
## requirements for maintained majors

dependency-check `4.x` supports Node.js 10 and later

dependency-check `3.x` supports Node.js 6 and later

dependency-check `2.x` supports Node.js 0.10 and later (Dev note: published using the `legacy` tag)

For more info on maintenance status, see [SECURITY.md](./SECURITY.md).

## how it works

`dependency-check` parses your module code starting from the default entry files (e.g. `index.js` or `main` and any `bin` commands defined in package.json or if specific files has been defined, then those) and traverses through all relatively required JS files, ultimately producing a list of non-relative modules

* **relative** - e.g. `require('./a-relative-file.js')`, if one of these are encountered the required file will be recursively parsed by the `dependency-check` algorithm
* **non-relative** - e.g. `require('a-module')`, if one of these are encountered it will get added to the list of dependencies, but subdependencies of the module will not get recursively parsed
* **non-relative** - e.g. `require('a-module')`, if one of these are encountered it will get added to the list of dependencies, but sub-dependencies of the module will not get recursively parsed

the goal of this module is to simply check that all non-relative modules that get `require()`'d are in package.json, which prevents people from getting 'module not found' errors when they install your module that has missing deps which was accidentally published to NPM (happened to me all the time, hence the impetus to write this module).
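Review bot: the new heading "requirements for maintained majors" implies that 4.x, 3.x and 2.x are all maintained, but the list below it only gives Node.js support ranges, and the 2.x line says no more than that it is published using the `legacy` tag. Consider stating next to each major whether it still receives security fixes, or wording the heading more neutrally if SECURITY.md is meant to be the only authoritative source, so that users pinned to an old Node.js version do not assume coverage they may not have. The surrounding context also still contains "if specific files has been defined" and "if one of these are encountered", which could be corrected alongside the "sub-dependencies" spelling change.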
