From b391c4df852a74f1d8dd223ea7a79c8c10ce2a9d Mon Sep 17 00:00:00 2001 From: Pelle Wessman Date: Mon, 29 Jul 2019 09:54:04 +0200 Subject: [PATCH] Add note about maintenance status + tweak some spelling --- SECURITY.md | 2 +- readme.md | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index b37a8b8..fdc6a67 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -15,6 +15,6 @@ Send an e-mail to the maintainers, eg. @voxpelli through pelle@kodfabrik.se Star The maintainers will get back to you as soon as possible and work with you to evaluate and handle the vulnerability. -As none of the maintainers have maintenance commitance for this module as part of their day jobs, no promises can be made in how fast a fix can be made. +As none of the maintainers are maintaining this module as part of their day jobs, no promises can be made in how fast a fix can be made. Whenever feasible a patch version fixing the security vulnerability will be released and the reporting user, unless it wishes to stay anonymous, will be credited for their contribution. diff --git a/readme.md b/readme.md index 6565d5f..4392b6a 100644 --- a/readme.md +++ b/readme.md @@ -9,7 +9,7 @@ checks which modules you have used in your code and then makes sure they are lis [![js-standard-style](https://cdn.rawgit.com/feross/standard/master/badge.svg)](https://github.com/feross/standard) -## requirements +## requirements for maintained majors dependency-check `4.x` supports Node.js 10 and later 
@@ -17,12 +17,14 @@ dependency-check `3.x` supports Node.js 6 and later dependency-check `2.x` supports Node.js 0.10 and later (Dev note: published using the `legacy` tag) +For more info on maintenance status, see [SECURITY.md](./SECURITY.md). + ## how it works `dependency-check` parses your module code starting from the default entry files (e.g. `index.js` or `main` and any `bin` commands defined in package.json or if specific files has been defined, then those) and traverses through all relatively required JS files, ultimately producing a list of non-relative modules * **relative** - e.g. `require('./a-relative-file.js')`, if one of these are encountered the required file will be recursively parsed by the `dependency-check` algorithm -* **non-relative** - e.g. `require('a-module')`, if one of these are encountered it will get added to the list of dependencies, but subdependencies of the module will not get recursively parsed +* **non-relative** - e.g. `require('a-module')`, if one of these are encountered it will get added to the list of dependencies, but sub-dependencies of the module will not get recursively parsed the goal of this module is to simply check that all non-relative modules that get `require()`'d are in package.json, which prevents people from getting 'module not found' errors when they install your module that has missing deps which was accidentally published to NPM (happened to me all the time, hence the impetus to write this module).
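Review bot: The rewritten line in the SECURITY.md hunk still reads awkwardly ("no promises can be made in how fast a fix can be made"); since the commit is also tweaking spelling, consider "no promises can be made about how quickly a fix can be released", and fix the adjacent context line "the reporting user, unless it wishes to stay anonymous" to "unless they wish to stay anonymous" in the same pass. Also worth checking that the "eg. @voxpelli through pelle@kodfabrik.se" contact line in the hunk header context is intact; it appears cut off after "Star" in this view.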
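Review bot: Renaming the heading in the first readme.md hunk to "requirements for maintained majors" implies that every major listed under it (4.x, 3.x, 2.x) is maintained, but nothing in the section says which of them actually receive fixes; either drop majors that are no longer maintained from the list, or add a short line per major stating its maintenance status so the heading and its contents agree.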
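Review bot: The new "For more info on maintenance status, see SECURITY.md" line in the second readme.md hunk points readers to a file whose only maintenance statement (per the SECURITY.md hunk in this same patch) is that no maintainer works on the module as part of their day job; it does not say which majors get fixes. Either add that per-major information to SECURITY.md or keep it next to the version list here so the link delivers what it promises. While touching this hunk, the context lines have two grammar slips that fit the "tweak some spelling" scope: "if specific files has been defined" should be "have been defined", and "if one of these are encountered" (both bullets) should be "is encountered".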