From 2b83c545e3ecd3c41cca841ea4acc57a258b3d98 Mon Sep 17 00:00:00 2001 From: Claude Date: Sun, 28 Jun 2026 03:05:41 +0000 Subject: [PATCH] docs: rewrite CONTRIBUTING to reflect published, active project CONTRIBUTING.md stated the package was "in incubation", "not yet open for external contributions", and asked readers to "check back after the package is published to npm". All three are inaccurate: @hailbytes/sbom-diff is published on npm (v1.0.1 is the latest dist-tag) and is actively taking contributions (multiple PRs merged; many open). The stale notice actively discouraged the contributions the project is soliciting. Replace it with an accurate contributor guide: dev setup, the real npm scripts (test/lint/typecheck/build), the CI checks, Conventional Commit style matching the existing history, and PR guidelines. Co-Authored-By: Claude Opus 4.8 Claude-Session: https://claude.ai/code/session_015FXrgnfVQVMvwjMtsaZqvL --- CONTRIBUTING.md | 63 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 60 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 409c07b..2b6500c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,7 +1,64 @@ # Contributing -Thank you for your interest in contributing to `@hailbytes/sbom-diff`. +Thanks for your interest in contributing to `@hailbytes/sbom-diff`! 🎉 -This package is currently in **incubation** and is not yet open for external contributions. The API surface is still being defined and may change significantly before the first public release. +This package is **published on npm** and under active development. Bug +reports, feature requests, and pull requests are all welcome. -Please check back after the package is published to npm. In the meantime, feel free to open an issue to discuss ideas or use cases. +## Ways to contribute + +- **Report a bug** — open an [issue](https://github.com/HailBytes/sbom-diff/issues) + with a minimal SBOM snippet (or the smallest reproduction you can share) and + the command you ran. +- **Propose a feature** — open an issue describing the use case before sending a + large PR, so we can agree on the direction. +- **Send a fix** — small, self-contained fixes can go straight to a pull request. + +## Development setup + +Requires Node.js `>=18` (see the `engines` field in `package.json`). + +```bash +git clone https://github.com/HailBytes/sbom-diff.git +cd sbom-diff +npm install +``` + +## Useful scripts + +| Script | What it does | +|--------|--------------| +| `npm test` | Run the Vitest suite once | +| `npm run test:watch` | Run tests in watch mode while developing | +| `npm run test:coverage` | Run tests with a coverage report | +| `npm run lint` | Lint `src` with ESLint | +| `npm run typecheck` | Type-check without emitting (`tsc --noEmit`) | +| `npm run build` | Compile to `dist/` | +| `npm run cli -- old.json new.json` | Run the built CLI locally | + +Before opening a PR, please make sure the same checks CI runs all pass locally: + +```bash +npm run lint +npm test +npm run build +``` + +(CI runs lint + test + build on every pull request targeting `main`.) + +## Pull request guidelines + +1. 
Fork the repo and create a topic branch off `main`. +2. Keep each PR focused on a single change, and add or update tests for any + behavior change. +3. Follow the existing [Conventional Commits](https://www.conventionalcommits.org/) + style used throughout the history, e.g.: + - `fix(cli): default to text format when --format is omitted` + - `feat(diff): detect license changes` + - `docs: clarify programmatic usage example` +4. Make sure `lint`, `test`, and `build` are green before requesting review. + +## License + +By contributing, you agree that your contributions will be licensed under the +project's [MIT License](LICENSE).
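Review bot: The "Report a bug" bullet under "Ways to contribute" asks reporters to attach an SBOM snippet to a public issue but gives no guidance on sanitizing it. An SBOM lists component names and versions, so a snippet taken from a private build can disclose internal package names. Suggest adding a sentence that asks reporters to cut the file down to the affected components and replace internal names with placeholders, and that states where a suspected security issue should be reported instead of the public tracker. Separately, the "Before opening a PR" block runs `npm run lint`, `npm test` and `npm run build` but not `npm run typecheck`, although the scripts table lists it; either add it to the checklist or say that the build already covers it. The `npm run cli -- old.json new.json` row is described as running the built CLI, so it is worth stating that `npm run build` has to come first.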