{"id":25257190,"url":"https://github.com/ianlewis/repo-template-ts","last_synced_at":"2026-05-01T16:36:22.869Z","repository":{"id":276248851,"uuid":"928691257","full_name":"ianlewis/repo-template-ts","owner":"ianlewis","description":"Opinionated repository template for JavaScript and TypeScript repos.","archived":false,"fork":false,"pushed_at":"2026-04-29T01:29:25.000Z","size":1856,"stargazers_count":0,"open_issues_count":8,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-29T03:33:21.946Z","etag":null,"topics":["javascript-template","repo-template","repository-template","repository-templates","template-repository","typescript-template","typescript-template-project"],"latest_commit_sha":null,"homepage":"","language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ianlewis.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-07T04:05:01.000Z","updated_at":"2026-02-05T04:43:12.000Z","dependencies_parsed_at":"2025-02-23T01:18:59.988Z","dependency_job_id":"fae4a4b6-4e25-4ebe-9d1a-c640b250d273","html_url":"https://github.com/ianlewis/repo-template-ts","commit_stats":null,"previous_names":["ianlewis/repo-template-ts"],"tags_count":0,"template":true,"template_full_name":null,"purl":"pkg:github/ianlewis/repo-template-ts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianlewis%2Frepo-template-ts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianlewis%2Frepo-template-ts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianlewis%2Frepo-template-ts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianlewis%2Frepo-template-ts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ianlewis","download_url":"https://codeload.github.com/ianlewis/repo-template-ts/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianlewis%2Frepo-template-ts/sbom","scorecard":{"id":330343,"data":{"date":"2025-08-18T01:50:34Z","repo":{"name":"github.com/ianlewis/repo-template-ts","commit":"9e13f7bafef2c682754421a14782fa7795168b26"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":7.6,"checks":[{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: renovate.json5:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/1 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/pull_request.tests.yml:77","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/pull_request.tests.yml:78","Info: jobLevel 'contents' permission set to 'read': .github/workflows/schedule.issue-reopener.yml:30","Info: jobLevel 'contents' permission set to 'read': .github/workflows/schedule.scorecard.yml:39","Info: jobLevel 'actions' permission set to 'read': .github/workflows/schedule.scorecard.yml:40","Info: jobLevel 'issues' permission set to 'read': .github/workflows/schedule.scorecard.yml:41","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/schedule.scorecard.yml:42","Info: jobLevel 'checks' permission set to 'read': .github/workflows/schedule.scorecard.yml:43","Info: jobLevel 'contents' permission set to 'read': .github/workflows/workflow_call.zizmor.yml:27","Info: topLevel 'contents' permission set to 'read': .github/workflows/pull_request.tests.yml:27","Info: found token with 'none' permissions: .github/workflows/schedule.issue-reopener.yml:1","Info: found token with 'none' permissions: .github/workflows/schedule.scorecard.yml:1","Info: found token with 'none' permissions: .github/workflows/schedule.stale.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.actionlint.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.commitlint.yml:30","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.eslint.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.fixme.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.formatting.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.license-headers.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.markdownlint.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.renovate-config-validator.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.tests.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.textlint.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/workflow_call.yamllint.yml:21","Info: found token with 'none' permissions: .github/workflows/workflow_call.zizmor.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:  28 out of  28 GitHub-owned GitHubAction dependencies pinned","Info:   3 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Branch-Protection","score":4,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Warn: branch 'main' does not require approvers","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: found contributions from: slsa-framework"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"1 out of 1 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T03:24:58.514Z","repository_id":276248851,"created_at":"2025-08-18T03:24:58.514Z","updated_at":"2025-08-18T03:24:58.514Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32505110,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javascript-template","repo-template","repository-template","repository-templates","template-repository","typescript-template","typescript-template-project"],"created_at":"2025-02-12T06:37:31.490Z","updated_at":"2026-05-01T16:36:22.859Z","avatar_url":"https://github.com/ianlewis.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `repo-template-ts`\n\n\u003c!-- TODO: update badge urls --\u003e\n\n[![tests](https://github.com/ianlewis/repo-template-ts/actions/workflows/pull_request.tests.yml/badge.svg)](https://github.com/ianlewis/repo-template-ts/actions/workflows/pull_request.tests.yml)\n[![Codecov](https://codecov.io/gh/ianlewis/repo-template-ts/graph/badge.svg?token=STWQS28VUG)](https://codecov.io/gh/ianlewis/repo-template-ts)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ianlewis/repo-template-ts/badge)](https://securityscorecards.dev/viewer/?uri=github.com%2Fianlewis%2Frepo-template-ts)\n\n\u003c!-- TODO: Update README contents. --\u003e\n\nRepository template for TypeScript repositories under `github.com/ianlewis`.\n\nThis repository template is maintained for use in repositories under\n`github.com/ianlewis`. However, it can be used as a general purpose TypeScript\nrepository starter template.\n\nThis repository is set up to make use of ESM modules and makes use of\n[Jest](https://jestjs.io/) for unit tests.\n\n## Goals\n\n### Repository quality\n\nA set of [formatters and linters](#formatting-and-linting) are maintained to\nmaintain repository code and configuration quality through pull request status\nchecks.\n\n### Consistency \u0026 Reproducibility\n\nRepositories created by this template should work as consistently as possible by\nminimizing issues due to conflicting installed package versions. Running\ncommands and tools locally should have the same result between different local\ndevelopment machines and CI. Recommended language runtime versions are set via\ntheir respective ecosystem tooling.\n\nThis template strives to minimize outside dependencies on tools and\nconfiguration requiring only a [minimal set](#requirements) of Unix userspace\ntools and language runtimes to work. Dependencies are downloaded and stored\nlocally inside the project directory so they don't conflict with globally\ninstalled package versions.\n\n### Security\n\nIn general, dependencies for tools and GitHub Actions are pinned to improve\noverall project supply-chain security.\n\nExternal dependencies on GitHub actions are limited to trusted actions with\ngood security practices (e.g. official GitHub-owned actions) to minimize\nexposure to compromise via external repositories.\n\nVersioning of formatting, linting, and other tool dependencies is done via the\n`requirements.txt` and `packages.json` where possible. This is so that the\nversions can be maintained and updated via dependency automation tooling. This\nrepository uses [Mend Renovate](https://www.mend.io/renovate/) because it\nallows more flexibility in configuration than Dependabot.\n\nSee also [Recommended repository settings](#recommended-repository-settings)\nfor more recommended security settings.\n\n## Requirements\n\nThis repository template is meant to be used on Linux x86-64 (AMD64) systems.\nThere is partial support for macOS ARM64 but `checkmake` does not provide an\nARM64 release binary so it doesn't work on macOS.\n\nIn general, dependencies on outside tools should be minimized in favor of\nincluding them as project-local dependencies.\n\n1. Language runtimes\n\n    The following language runtimes are required. It is recommended to use a tool\n    that can manage multiple language runtime versions such as\n    [`pyenv`](https://github.com/pyenv/pyenv),\n    [`nodenv`](https://github.com/nodenv/nodenv),\n    [`nvm`](https://github.com/nvm-sh/nvm), or [`asdf`](https://asdf-vm.com/). This\n    repository includes `.node-version` and `.python-version` files to specify the\n    language runtime versions to use for maximum compatibility with these tools.\n    - [`Node.js`]: Node.js is required to run some linters and formatters.\n    - [`Python`]: Python is required to run some linters and formatters.\n\n2. System tools\n\n    The following tools need to be installed:\n    - [`git`]: For repository management.\n    - `awk`, `basename`, `bash`, `dirname`, `grep`, `head`, `mktemp`, `rm`,\n      `sha256sum`, `uname`: Standard Unix tools (GNU version).\n    - GNU `make`: For running commands.\n    - `curl`, `tar`, `gzip`: For extracting archives.\n\n    On macOS you can install the required packages with Homebrew.\n\n    ```bash\n    brew install \\\n        make \\\n        grep \\\n        gawk \\\n        coreutils \\\n        libyaml \\\n        xz\n    ```\n\nThe following tools are automatically installed locally to the project and\ndo not need to be pre-installed:\n\n- [`actionlint`]: For linting GitHub Actions workflows (installed by Aqua in\n  `.aqua`).\n- [`checkmake`]: For linting `Makefile` (installed by Aqua in `.aqua`).\n- [`commitlint`]: For checking commit messages (installed by local\n- [`eslint`]: For linting JavaScript and TypeScript (installed in local\n  `node_modules`).\n- [`jq`]: For parsing output of some linters (installed by Aqua in `.aqua`).\n- [`markdownlint`]: For linting markdown (installed in local `node_modules`).\n- [`mbrukman/autogen`]: For adding license headers (vendored in `third_party`).\n- [`prettier`]: For formatting markdown and YAML files (installed in local\n  `node_modules`).\n- [`shellcheck`]: For linting shell code in GitHub Actions workflows (installed\n  by Aqua in `.aqua`).\n- [`textlint`]: For spelling checks (installed in local `node_modules`).\n- [`todos`]: For checking for outstanding TODOs in code (installed by Aqua in\n  `.aqua`).\n- [`yamllint`]: For linting YAML files (installed in local Python virtualenv\n  `.venv`).\n- [`zizmor`]: For linting GitHub Actions workflows (installed in local Python\n  virtualenv `.venv`).\n\n## Usage\n\nThe repository is organized to be as self-contained as possible. Commands are\nimplemented in the project [Makefile](#makefile).\n\n### Makefile\n\nThe `Makefile` is used for running commands, managing files, and maintaining\ncode quality. It includes a default `help` target that prints all make targets\nand their descriptions grouped by function.\n\n```shell\n$ make\nrepo-template-ts Makefile\nUsage: make [COMMAND]\n\n  help                      Print all Makefile targets (this message).\nBuild\n  all                       Build everything.\n  build                     Build the project.\n  pack                      Create a package tarball.\nTesting\n  test                      Run all tests.\n  unit-test                 Runs all unit tests.\nFormatting\n  format                    Format all files\n  js-format                 Format YAML files.\n  json-format               Format JSON files.\n  md-format                 Format Markdown files.\n  yaml-format               Format YAML files.\n  ts-format                 Format YAML files.\nLinting\n  lint                      Run all linters.\n  actionlint                Runs the actionlint linter.\n  checkmake                 Runs the checkmake linter.\n  commitlint                Run commitlint linter.\n  eslint                    Runs eslint.\n  fixme                     Check for outstanding FIXMEs.\n  format-check              Check that files are properly formatted.\n  markdownlint              Runs the markdownlint linter.\n  renovate-config-validator Validate Renovate configuration.\n  textlint                  Runs the textlint linter.\n  yamllint                  Runs the yamllint linter.\n  zizmor                    Runs the zizmor linter.\nMaintenance\n  todos                     Print outstanding TODOs.\n  clean                     Delete temporary files.\n```\n\n### Formatting and linting\n\nSome `Makefile` targets for basic formatters and linters are included along\nwith GitHub Actions pre-submits. Where possible, pre-submits use `Makefile`\ntargets and those targets execute with the same settings as they do when run\nlocally. This is to give a consistent experience when attempting to reproduce\npre-submit errors.\n\nVersioning of formatting, linting, and other tools are managed as tool\ndependencies so they can be more easily maintained.\n\n`Makefile` targets and linter/formatter configuration are designed to respect\n`.gitignore` and not cross `git submodule` boundaries. However, you will need\nto add files using `git add` for new files before they are picked up.\n\n`Makefile` targets for linters will also produce human-readable output by\ndefault, but will produce errors as [GitHub Actions workflow\ncommands](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions)\nso they can be easily interpreted when run in Pull-Request [status\nchecks](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks).\n\n### License headers\n\nThe `license-headers` make target will add license headers to files that are\nmissing it with the Copyright holder set to the current value of `git config\nuser.name`.\n\nFiles are checked for the existence license headers in status checks.\n\n## Project documentation\n\nThis repository template includes stub documentation. Examples of\n`CONTRIBUTING.md`, `CODE_OF_CONDUCT.md`, and `SECURITY.md` can be found in the\n[`ianlewis/ianlewis`](https://github.com/ianlewis/ianlewis) repository and are\nmaintained in line with [GitHub recommended community\nstandards](https://opensource.guide/).\n\n## Repository creation checklist\n\nWhen creating a new repository from this template, the following checklist\nis recommended to ensure the repository is set up correctly.\n\n### Update configuration files\n\nFiles that should be updated include a TODO comment to indicate what changes\nshould made. You can run `make todos` to list all TODOs in the repository.\n\n```shell\n$ make todos\n.github/workflows/pre-submit.units.yml:113:# TODO: Remove the next line for private repositories with GitHub Advanced Security.\n.github/workflows/schedule.scorecard.yml:80:# TODO: Remove the next line for private repositories with GitHub Advanced Security.\nCODEOWNERS:1:# TODO: Update CODEOWNERS\nCODE_OF_CONDUCT.md:61:\u003c!-- TODO: update Code of Conduct contact email --\u003e\nREADME.md:3:\u003c!-- TODO: update badge urls --\u003e\nREADME.md:7:\u003c!-- TODO: Update README contents. --\u003e\n```\n\n### Recommended repository settings\n\nThe following repository settings are recommended in conjunction with this\nrepository template.\n\n#### General / Pull Requests\n\n1. [ ] **Allow merge commits:** Enabling merge commits is recommended\n       to preserve the original commit history of a pull request. This makes it\n       easier to retain the original commit messages and signatures of\n       contributors. Disallowing squash merges and rebase merges is recommended.\n\n#### GitHub Apps\n\n1. [ ] **Enable [DCO](https://github.com/apps/dco):** Enable the DCO GitHub App\n       to ensure that all commits are signed off by the author. This is a\n       lightweight alternative to a [Contributor License\n       Agreement](https://en.wikipedia.org/wiki/Contributor_License_Agreement)\n       (CLA) for contributors to certify that they wrote or otherwise have the\n       right to submit the code they are contributing to the project. If you\n       have a CLA you can omit this step.\n\n#### Rules / Rulesets\n\nA `ruleset` should be created for the default branch with branch protection\nrules that follow the [recommendations from OpenSSF\nScorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection)\nto achieve the highest Tier and score as possible.\n\n##### Branch rules\n\n- [ ] **Require a pull request before merging:** This is recommended to ensure\n      that all changes to the default branch are reviewed and the code\n      passes status checks. This helps maintain code quality and security.\n\n- [ ] **Require status checks to pass:** This is recommended to ensure that all\n      pull requests pass the required checks before they can be merged. This\n      helps maintain code quality and prevents broken code from being merged\n      into the default branch.\n\n    **Status checks that are required:** The following checks should be marked\n    as required:\n    - [ ] `DCO`\n    - [ ] `actionlint / actionlint`\n    - [ ] `checkmake / checkmake`\n    - [ ] `commitlint / commitlint`\n    - [ ] `format-check / format-check`\n    - [ ] `eslint / eslint`\n    - [ ] `markdownlint / markdownlint`\n    - [ ] `renovate-config-validator / renovate-config-validator`\n    - [ ] `textlint / textlint`\n    - [ ] `fixme / fixme`\n    - [ ] `unit-test / unit-test`\n    - [ ] `yamllint / yamllint`\n    - [ ] `zizmor / zizmor`\n\n##### Block force pushes\n\n- [ ] **Block force pushes:** This is recommended to ensure that all changes to\n      the default branch are made via pull requests.\n\n##### Require code scanning results\n\nThe following tools should be added to the required code scanning results.\n\n- [ ] `CodeQL`\n- [ ] `zizmor`\n\n#### Advanced Security\n\n1. [ ] **Private vulnerability reporting:**\n       Enable [private vulnerability reporting] as mentioned in [`SECURITY.md`].\n2. [ ] **Dependency Graph:**\n       Enable the [dependency graph] and automatic dependency submission.\n       Renovate relies on dependency graph for its [vulnerability\n       alerts](https://docs.renovatebot.com/configuration-options/#vulnerabilityalerts)\n       feature.\n3. [ ] **Dependabot Alerts:**\n       Enable [Dependabot alerts]. Renovate relies on Dependabot alerts for its\n       [vulnerability\n       alerts](https://docs.renovatebot.com/configuration-options/#vulnerabilityalerts)\n       feature.\n\n##### Code scanning\n\n1. [ ] **CodeQL analysis:**\n       Make sure \"GitHub Actions (Public Preview)\" is enabled in languages.\n2. [ ] **Protection rules:**\n    - [ ] **Security alert severity level:** Errors and warnings\n    - [ ] **Standard alert severity level:** Errors and warnings\n3. [ ] **Secret protection:**\n       Get alerts when secrets are detected in the repository.\n4. [ ] **Push protection:**\n       Block pushing commits with secrets in them.\n\n#### Secrets and variables / Actions\n\nAdd the repository to [Codecov](https://codecov.io/) for code coverage. View the Codecov\n[Quick Start Guide](https://docs.codecov.com/docs/quick-start) for more information.\n\n- [ ] **`CODECOV_TOKEN`:** add the repository upload token as a repository secret.\n\n## Conventional commits\n\nThis repository template uses [Conventional\nCommits](https://www.conventionalcommits.org/en/v1.0.0/) to standardize commit\nmessage formatting. Conventional commits can help to communicate the nature of\nchanges at a glance, and give hints on backwards compatibility.\n\nWhile you _may_ use conventional commits to automatically determine the next\nrelease version, it is **not** recommended to use conventional commits to auto\ngenerate user-facing documentation such as the `CHANGELOG.md` or release notes.\nThese should be written for an end-user audience, be human readable, and include\nadditional relevant information and context.\n\n## Keeping repositories in sync\n\nYou can optionally keep repositories created with the template in sync with\nchanges to the template. Because repositories created from GitHub templates are\nnot forks, it is recommended to perform a squash merge to squash the merge as a\ncommit on your commit history.\n\n```shell\n# One time step: Add the repository template as a remote.\ngit remote add repo-template-ts git@github.com:ianlewis/repo-template-ts.git\n\n# Fetch the latest version of the repo-template-ts.\ngit fetch repo-template-ts main\n\n# Create a new squash merge commit.\ngit merge --no-edit --signoff --squash --allow-unrelated-histories --log repo-template-ts/main\n```\n\n## Contributing\n\nPRs may be accepted to this template. See [`CONTRIBUTING.md`] for contributor\ndocumentation.\n\n[Dependabot alerts]: https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts\n[dependency graph]: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph\n[private vulnerability reporting]: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\n[`CONTRIBUTING.md`]: ./CONTRIBUTING.md\n[`SECURITY.md`]: ./SECURITY.md\n[`Node.js`]: https://nodejs.org/\n[`Python`]: https://www.python.org/\n[`actionlint`]: https://github.com/rhysd/actionlint\n[`checkmake`]: https://github.com/checkmake/checkmake\n[`commitlint`]: https://commitlint.js.org/\n[`eslint`]: https://eslint.org/\n[`mbrukman/autogen`]: https://github.com/mbrukman/autogen\n[`git`]: https://git-scm.com/\n[`jq`]: https://jqlang.org/\n[`markdownlint`]: https://github.com/DavidAnson/markdownlint\n[`prettier`]: https://prettier.io/\n[`shellcheck`]: https://www.shellcheck.net/\n[`textlint`]: https://textlint.github.io/\n[`todos`]: https://github.com/ianlewis/todos\n[`yamllint`]: https://www.yamllint.com/\n[`zizmor`]: https://woodruffw.github.io/zizmor/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fianlewis%2Frepo-template-ts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fianlewis%2Frepo-template-ts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fianlewis%2Frepo-template-ts/lists"}