Merge pull request #44 from kaandesu/feature/security-contributing-de…

…pendency

feat: added security policy, added scripts to contributing, adjusted package dependencies

.changeset/fuzzy-games-hide.md

@@ -0,0 +1,5 @@
+---
+'vue-paho-mqtt': patch
+---
+
+Removed unnecessary packages from `package.json`, added a security policy, added scripts to contribution guidelines.

CONTRIBUTING.md

@@ -2,17 +2,37 @@
 
 ### ❗ **Common mistakes**
 
--   Opening a pull request without a description or a proper name is not fun for the reviewer, so try to explain your change as much as possible either by text or a code snippet.
--   Adding new dependencies or modifying the `package.json` will most likely be not accepted or will be accepted in a long time since adding a new dependency to the codebase can be tricky.
--   This project uses `npm`, so please try to respect the choice and try to use it.
+- Opening a pull request without a description or a proper name is not fun for the reviewer, so try to explain your change as much as possible either by text or a code snippet.
+- Adding new dependencies or modifying the `package.json` will most likely be not accepted or will be accepted in a long time since adding a new dependency to the codebase can be tricky.
+- This project uses `npm`, so please try to respect the choice and try to use it.
+
+### 📝 Useful scripts
+
+These are the useful scripts that you can use while developing. You can find them in the `package.json` file. You can run them by using `npm run <script_name>`.
+
+| Script             | Description                                    |
+| ------------------ | ---------------------------------------------- |
+| `dev`              | Start the development environment              |
+| `build`            | Test and build the app and the `live-demo`     |
+| `build:live-demo`  | Only build the `live-demo`                     |
+| `preview`          | Run the app on _preview_ mode                  |
+| `generate:types`   | Generate all the types for the project         |
+| `changeset`        | Adds a changelog to the project after a change |
+| `test`             | Run the tests excluding the broker tests       |
+| `test:watch`       | Watch the tests excluding the broker tests     |
+| `test:utils`       | Run the tests including the broker tests       |
+| `test:utils:watch` | Watch the tests including the broker tests     |
+| `test:coverage`    | Create a coverage report for the tests         |
+
+When pushing your changes, always include a **changeset** file. You can do this by running the `changeset` script. It will ask you a few questions and then create a file for you. You can read more about it [here](https://github.com/changesets/changesets/blob/main/docs/adding-a-changeset.md).
 
 ### 🐛 **Did you find a bug?**
 
-Ensure the bug was not already reported by searching on GitHub under [Issues]([repository-url]/issues). If you're unable to find an open issue addressing the problem, [open a new one]([repository-url]/issues/new). Be sure to include a **title and clear description**, as much relevant information as possible demonstrating the expected behavior that is not occurring.
+Ensure the bug was not already reported by searching on GitHub under [Issues](https://github.com/kaandesu/vue-paho-mqtt/issues). If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/kaandesu/vue-paho-mqtt/issues/new). Be sure to include a **title and clear description**, as much relevant information as possible demonstrating the expected behavior that is not occurring.
 
 ### 💡 **Do you want to add a new feature or change an existing one?**
 
-[Open a GitHub issue]([repository-url]/issues/new) stating your feature request clearly. We can discuss it on the issue thread, then you can implement it! 🎉
+[Open a GitHub issue](https://github.com/kaandesu/vue-paho-mqtt/issues/new) stating your feature request clearly. We can discuss it on the issue thread, then you can implement it! 🎉
 
 ### ✨ **Did you write a change that fixes a bug?**
 
@@ -21,33 +41,31 @@ Open a new GitHub pull request with the patch.
 1. Fork the repository
 2. Modify the code and make your amazing change
 3. Create your feature branch
-    ```sh
-    git checkout -b feature/<your_feature>
-    ```
+   ```sh
+   git checkout -b feature/<your_feature>
+   ```
 4. **IMPORTANT!** If your code contains minor or a major change that needs to be stated on the changelog, please run the command below and write down what you have changed in a brief manner.
-    ```sh
-    pnpm changeset
-    ```
+   ```sh
+   npm run changeset
+   ```
 5. Add your changes
-    ```sh
-    git add .
-    ```
+   ```sh
+   git add .
+   ```
 6. Commit your changes _(please respect the commit message standards)_
-    ```sh
-    git commit -m "feat: added amazing things!"
-    ```
+   ```sh
+   git commit -m "feat: added amazing things!"
+   ```
 7. Push your changes
-    ```sh
-    git push -u origin feature/<your_feature>
-    ```
+   ```sh
+   git push -u origin feature/<your_feature>
+   ```
 8. Open a pull request from your branch
-    - State your change in the title according to the [conventional commit guidelines](https://www.conventionalcommits.org/en/v1.0.0/).
-    - Please respect the pull request template while writing your PR description.
+   - State your change in the title according to the [conventional commit guidelines](https://www.conventionalcommits.org/en/v1.0.0/).
+   - Please respect the pull request template while writing your PR description.
 
 Open source software is beautiful, all of your contributions are much appreciated
 
 Thanks!
 
 _This guideline was inspired by the [Ruby on Rails](https://github.com/rails/rails/) team_
-
-[repository-url]: https://github.com/kaandesu/vue-paho-mqtt

README.md

@@ -59,6 +59,7 @@ This plugin allows you to connect to a MQTT broker and subscribe to topics in yo
 - [Credits](#credits)
   - [Contact](#contact)
 - [Changelog](#changelog)
+- [Security](#security)
 
 ## Installation
 
@@ -235,27 +236,32 @@ Custom callbacks can be passed to the connect function. Such as `onConnect`, `on
 - `onConnectionLost()`: returns an response object with the following properties:
   - `errorCode`: the error code.
 - `onMessageArrived()`:
- returns a message object with the following properties:
+  returns a message object with the following properties:
   - `payloadString`: the message payload as a string.
   - `destinationName`: the name of the topic that the message was published to.
 
-Note: Inside the 'subscribe' function a function is passed to the 'onMessageArrived' callback. 
-This function is used to parse the message payload and return the parsed message inside the subscribe 
+Note: Inside the 'subscribe' function a function is passed to the 'onMessageArrived' callback.
+This function is used to parse the message payload and return the parsed message inside the subscribe
 function where it is called.
 You don't really need to handle arriving messages in the 'onMessageArrived' callback.
+
 ### Type Definition
 
 ```ts
-type ConnectFunction = ({ onConnect, onFailure, onConnectionLost, onMessageArrived, }?: {
-    onConnect?: (() => unknown) | undefined;
-    onFailure?: (() => unknown) | undefined;
-    onConnectionLost?: ((responseObject: {
-        errorCode: number;
-    }) => unknown) | undefined;
-    onMessageArrived?: ((message: {
-        payloadString: string;
-        destinationName: string;
-    }) => void) | undefined;
+type ConnectFunction = ({
+  onConnect,
+  onFailure,
+  onConnectionLost,
+  onMessageArrived,
+}?: {
+  onConnect?: (() => unknown) | undefined;
+  onFailure?: (() => unknown) | undefined;
+  onConnectionLost?:
+    | ((responseObject: { errorCode: number }) => unknown)
+    | undefined;
+  onMessageArrived?:
+    | ((message: { payloadString: string; destinationName: string }) => void)
+    | undefined;
 }) => Promise<unknown>;
 ```
 
@@ -318,7 +324,7 @@ Disconnect from the mqtt broker. Shows a dialog notification in case of error if
 ### Type Definition
 
 ```ts
-type DisconnectFunction = () => Promise<unknown>
+type DisconnectFunction = () => Promise<unknown>;
 ```
 
 ### Usage
@@ -347,14 +353,13 @@ It is used to subscribe to the topic specified, and to define the function to ca
 | `onMessage` | `function` | Arrow function with a parameter to be fired when a message arrives to the specified topic | - |
 | `useMainTopic` | `boolean` | main topic defined in the [MQTT Options](#mqtt-options) will be prepended to the topic specified | `true` |
 
-
 ### Type Definition
 
 ```ts
 type SubscribeFunction = (
   topic: string,
   onMessage: (data: string) => unknown,
-  useMainTopic?: boolean
+  useMainTopic?: boolean,
 ) => void;
 ```
 
@@ -377,12 +382,14 @@ this.$mqtt.subscribe(
 ```
 
 ### Composition API
+
 ```ts
 import { $mqtt } from 'vue-paho-mqtt';
 $mqtt.subscribe('my/topic', (data: string) => {
   console.log(data, 'recieved');
 });
 ```
+
 ---
 
 ## Publish
@@ -396,7 +403,7 @@ type PublishFunction = (
   topic: string,
   payload: string,
   mode: MqttMode,
-  useMainTopic?: boolean
+  useMainTopic?: boolean,
 ) => void;
 ```
 
@@ -424,20 +431,24 @@ this.$mqtt.publish('test/topic', 'Hello, world!', 'Qr');
 
 // payload: "Hello, world!"
 ```
+
 ### Composition API
+
 ```ts
 import { $mqtt } from 'vue-paho-mqtt';
 $mqtt.publish('test/topic', 'Hello, world!', 'Qr');
 ```
+
 ---
 
 ## Host
 
 Get or set the host parameter from the [MQTT Options](#mqtt-options).
 
 ### Type Definition
+
 ```ts
-type HostFunction = (e?: string) => string
+type HostFunction = (e?: string) => string;
 ```
 
 ### Get Host
@@ -465,14 +476,17 @@ onMounted(() => {
   console.log(this.$mqtt.host());
 });
 ```
+
 ### Composition API
+
 ```ts
-import { onMounted }  from  "vue";
+import { onMounted } from 'vue';
 import { $mqtt } from 'vue-paho-mqtt';
 onMounted(() => {
   console.log($mqtt.host());
 });
 ```
+
 ---
 
 ## Port
@@ -482,7 +496,7 @@ Get or set the port parameter from the [MQTT Options](#mqtt-options).
 ### Type Definition
 
 ```ts
-type PortFunction = (e?: number) => number
+type PortFunction = (e?: number) => number;
 ```
 
 ### Get Port
@@ -505,16 +519,16 @@ $mqtt.port(1234);
 </template>
 ```
 
-
 ```ts
 onMounted(() => {
   console.log(this.$mqtt.port());
 });
 ```
 
 ### Composition API
+
 ```ts
-import { onMounted }  from  "vue";
+import { onMounted } from 'vue';
 import { $mqtt } from 'vue-paho-mqtt';
 onMounted(() => {
   console.log($mqtt.port());
@@ -528,8 +542,9 @@ onMounted(() => {
 Get or set the clientId parameter from the [MQTT Options](#mqtt-options).
 
 ### Type Definition
+
 ```ts
-type ClientIdFunction = (e?: string) => string
+type ClientIdFunction = (e?: string) => string;
 ```
 
 ### Get clientId
@@ -557,22 +572,27 @@ onMounted(() => {
   console.log(this.$mqtt.clientId());
 });
 ```
+
 ### Composition API
+
 ```ts
-import { onMounted }  from  "vue";
+import { onMounted } from 'vue';
 import { $mqtt } from 'vue-paho-mqtt';
 onMounted(() => {
   console.log($mqtt.clientId());
 });
 ```
+
 ---
 
 ## Main Topic
 
 Get or set the mainTopic parameter from the [MQTT Options](#mqtt-options).
+
 ### Type Definition
+
 ```ts
-type MainTopicFunction = (e?: string) => string | undefined
+type MainTopicFunction = (e?: string) => string | undefined;
 ```
 
 ### Get mainTopic
@@ -600,14 +620,17 @@ onMounted(() => {
   console.log(this.$mqtt.mainTopic());
 });
 ```
+
 ### Composition API
+
 ```ts
-import { onMounted }  from  "vue";
+import { onMounted } from 'vue';
 import { $mqtt } from 'vue-paho-mqtt';
 onMounted(() => {
   console.log($mqtt.mainTopic());
 });
 ```
+
 ---
 
 ## Unsubscribe
@@ -617,10 +640,7 @@ Used to unsubscribe from the topic specified
 ### Type Definition
 
 ```ts
-type UnsubscribeFunction = (
-  topic: string,
-  useMainTopic?: boolean
-) => void
+type UnsubscribeFunction = (topic: string, useMainTopic?: boolean) => void;
 ```
 
 |     param      |   type    |                                           explanation                                            | default |
@@ -647,8 +667,9 @@ Used to unsubscribe from **all** the topics subscribed previously.
 ### Type Definition
 
 ```ts
-type UnsubscribeAllFunction = () => void
+type UnsubscribeAllFunction = () => void;
 ```
+
 ### Usage
 
 ```ts
@@ -660,6 +681,7 @@ $mqtt.unsubscribeAll();
 ## Status
 
 Used to get the status of the mqtt connection.
+
 ### Type Definition
 
 ```ts
@@ -748,8 +770,8 @@ onMounted(() => {
 
 ## Contributing
 
-Contributions to the project is highly appreciated. 
-If you have any suggestions/questions/requests please consider 
+Contributions to the project is highly appreciated.
+If you have any suggestions/questions/requests please consider
 [opening an issue](https://github.com/kaandesu/vue-paho-mqtt/issues/new). If you want to contribute to the project, fixing an open issue is greatly recommended and appreciated. To see the all contribution rules please check the [contribution rules](CONTRIBUTING.md).
 
 ## License
@@ -772,3 +794,7 @@ This project is created and actively maintained by [kaandesu](https://github.com
 ## Changelog
 
 Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.
+
+## Security
+
+The security policy of the project can be found in [SECURITY.md](SECURITY.md). If you find any security issues, please refer to the policy. Thank you.

SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities. Here are the versions that are currently being supported with security updates. If you are using an older version, please upgrade.
+
+| Version | Supported |
+| ------- | --------- |
+| 0.2.x   | ✅        |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability within this project, please send an e-mail to the maintainers. The e-mails can be found in the [README file](README.md#contact). Please do not disclose security-related issues publicly until a patch has been announced. Thank you for improving the security of this project! We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.