Thank you for your interest in contributing to Nehonix Security Booster (NSB)! This document provides guidelines and workflows to help you contribute effectively to the project.
- Code of Conduct
- Getting Started
- Development Workflow
- Pull Request Process
- Coding Standards
- Security Best Practices
- Testing Guidelines
- Documentation
- Issue Reporting
- Feature Requests
- Community
Our project adheres to a Code of Conduct that sets expectations for participation in our community. We expect all contributors to read and follow our Code of Conduct.
- Node.js (v14 or later)
- npm or yarn
- Git
- Fork the repository on GitHub
- Clone your fork locally (replace `<your-username>` with your GitHub account name):
git clone https://github.com/<your-username>/StruLink.git
- Install dependencies:
npm install # or yarn install
- Add the original repository as an upstream remote:
git remote add upstream https://github.com/Nehonix-Team/StruLink.git
- Create a new branch for your feature or bugfix:
git checkout -b feature/your-feature-name
# or
git checkout -b fix/issue-you-are-fixing
- Make your changes and commit them with clear, descriptive commit messages:
git commit -m "Add feature: brief description of what you did"
- Keep your branch updated with the main branch:
git fetch upstream
git rebase upstream/main
- Run tests to ensure your changes don't break existing functionality:
npm test # or yarn test
- Push your changes to your fork:
git push origin feature/your-feature-name
- Submit a pull request (PR) from your forked repository to our main repository.
- Ensure your PR has a clear title and description that explains the changes and their purpose.
- Link any relevant issues in your PR description using keywords like "Fixes #123" or "Resolves #456".
- Your PR will be reviewed by maintainers who may request changes or clarification.
- Once approved, a maintainer will merge your PR into the main branch.
- Code follows project coding standards
- All tests pass
- New features include appropriate tests
- Documentation has been updated
- Changes have been tested in supported browsers
- Security implications have been considered
We follow strict coding standards to maintain code quality and consistency:
- Use TypeScript or Python for all new code
- Follow the project's ESLint configuration
- Use meaningful variable and function names
- Keep functions small and focused
- Document complex logic with comments
- Use async/await instead of raw promises where possible
- Avoid any implicit type conversions
- Implement proper error handling with specific error types
- Use immutable data patterns where appropriate
- Use functional components with hooks
- Keep components small and focused on a single responsibility
- Use TypeScript interfaces for props and state
- Implement proper error boundaries
- Follow React best practices for performance optimization
- Use React context appropriately for state management
- Ensure accessibility compliance (WCAG standards)
Security is a core focus of the Nehonix Security Booster project. All contributors should adhere to these security principles:
- Never store sensitive information (API keys, credentials) in code
- Use environment variables for configuration with proper validation
- Implement input validation for all user-supplied data
- Follow the principle of least privilege in all implementations
- Use parameterized queries to prevent injection attacks
- Implement proper output encoding to prevent XSS
- Keep dependencies updated and regularly audit for vulnerabilities
- Document security considerations for any new feature
- Follow OWASP guidelines for secure coding practices
- Implement rate limiting for API endpoints
- When modifying detection algorithms, ensure backward compatibility
- Document any changes to threat detection patterns
- Test new patterns against both malicious and benign samples
- Consider performance implications of security checks
- Follow the established pattern structure for new threat signatures
All code contributions should include appropriate tests:
- Write unit tests for all new functions and methods
- Include integration tests for feature interactions
- Add security-focused tests for detection capabilities
- Maintain or improve code coverage with each PR
- Test edge cases and error conditions
- Use the project's testing framework and conventions
Good documentation is essential for the project's usability and maintainability:
- Update README.md with any user-facing changes
- Document all public APIs with JSDoc comments
- Include examples for new features
- Update changelog for significant changes
- Document security implications and considerations
- Keep code comments current with implementation
- For complex algorithms, include explanations of the approach
When reporting issues, please include:
- A clear, descriptive title
- Detailed steps to reproduce the issue
- Expected vs. actual behavior
- Version information (Node.js, npm/yarn, project version)
- Environment details (OS, browser if applicable)
- Screenshots or code snippets if relevant
- Any error messages or logs
Use issue templates when available and add appropriate labels.
We welcome feature requests that align with the project's goals:
- Clearly describe the problem your feature would solve
- Explain how your suggestion enhances security capabilities
- Provide examples of use cases
- Consider implementation complexity and maintenance
- Indicate if you're willing to contribute the implementation
Join our community to discuss the project, get help, and collaborate:
- GitHub Discussions: Ask questions and share ideas
- Security Reports: For sensitive security issues, please email security@nehonix.space instead of creating public issues
- Contributing: We welcome contributors of all experience levels
- Code of Conduct: All community interactions are governed by our Code of Conduct