Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mrcgrtz/create-security-txt
π Create an RFC 9116 compliant security.txt file.
https://github.com/mrcgrtz/create-security-txt
nodejs rfc-9116 security security-tools security-txt
Last synced: 2 months ago
JSON representation
π Create an RFC 9116 compliant security.txt file.
- Host: GitHub
- URL: https://github.com/mrcgrtz/create-security-txt
- Owner: mrcgrtz
- License: mit
- Created: 2021-05-04T18:25:30.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-10-02T01:45:07.000Z (3 months ago)
- Last Synced: 2024-10-11T14:25:19.037Z (3 months ago)
- Topics: nodejs, rfc-9116, security, security-tools, security-txt
- Language: JavaScript
- Homepage: https://www.npmjs.com/package/create-security-txt
- Size: 1.53 MB
- Stars: 4
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# create-security-txt
> Create an RFC 9116 compliant [security.txt](https://www.rfc-editor.org/rfc/rfc9116) file.
[](https://github.com/mrcgrtz/create-security-txt/actions/workflows/test.yml)
[](https://coveralls.io/github/mrcgrtz/create-security-txt?branch=main)
[](https://github.com/xojs/xo)
[](https://github.com/mrcgrtz/create-security-txt/blob/main/LICENSE.md)
## Usage
```bash
$ npx create-security-txt --help
Create an RFC 9116 compliant security.txt file.
Usage: create-security-txt -c URL -e DAYS [OPTIONS...]
Options:
--contact, -c A link or e-mail address for people to
contact you about security issues.
Remember to include "https://" for URLs,
and "mailto:" for e-mails.
--expires, -e Expiration in days from now or an ISO date
string when the content of the security.txt file
should be considered stale (so security
researchers should then not trust it).
--lang, -l A language code that your security team
speaks.
--canonical, -u The URLs for accessing your security.txt
file. It is important to include this if
you are digitally signing the
security.txt file, so that the location
of the security.txt file can be digitally
signed too.
--encryption, -x A link to a key which security researchers
should use to securely talk to you.
Remember to include "https://".
--ack, -a A link to a web page where you say thank
you to security researchers who have
helped you. Remember to include
"https://".
--policy, -p A link to a policy detailing what security
researchers should do when searching for
or reporting security issues. Remember to
include "https://".
--hiring, -h A link to any security-related job
openings in your organisation. Remember
to include "https://".
Examples:
Write to stdout:
create-security-txt -c [email protected] -e 30
Write a GPG signed file to the .well-known directory:
create-security-txt -c [email protected] -e 7 | gpg --clearsign > .well-known/security.txt
```
## Optional installation
Using [npm](https://www.npmjs.com/get-npm):
```bash
npm install create-security-txt --global
```
Using [yarn](https://yarnpkg.com/):
```bash
yarn global add create-security-txt
```
## License
MIT Β© [Marc GΓΆrtz](https://marcgoertz.de/)