3bc8da4cbf
This commit changes the behavior of auditing to audit only production dependencies. Security checks have been failing for months due to Vue CLI dependencies and lack of resolution from the developers. This commit makes auditing ignore development dependencies. The reasons include: - Vulnerabilities in developer dependencies cause pipelines to fail on every run. - This is caused by dependencies such that lack resolution from the developers. Vue developers consider `npm audit` broken design and do not prioritize solutions. Discussions: vuejs/vue-cli#6637, vuejs/vue-cli#6621, vuejs/vue-cli#6555, vuejs/vue-cli#6553, vuejs/vue-cli#6523, vuejs/vue-cli#6486, vuejs/vue-cli#6632. - Development packages are not relevant for the production payload. - False positives create behavior of ignoring them completely instead of taking action, which creates a security vulnerability itself. - Failed tests are shown in a badge on README file, giving wrong picture of security posture of users. `npm audit --omit=dev` is used instead of `npm audit --production` which is deprecated as of npm v8.7.0 npm/cli#4744. This commit also removes exiting with output of `npm audit` command to fix exiting with textual output, leading to failures.
privacy.sexy — Now you have the choice
Enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy 🍑🍆
Get started
- 🌍️ Online: https://privacy.sexy.
- 🖥️ Offline: Check releases page, or download directly for: Windows, macOS, Linux.
Online version does not require to run any software on your computer. Offline version has more functions such as running the scripts directly.
💡 You should apply your configuration from time to time (more than once). It would strengthen your privacy and security control because privacy.sexy and its scripts get better and stronger in every new version.
Features
- Rich: Hundreds of scripts that aims to give you control of your data.
- Free: Both free as in "beer" and free as in "speech".
- Transparent. Have full visibility into what the tweaks do as you enable them.
- Reversible. Revert if something feels wrong.
- Accessible. No need to run any compiled software on your computer with web version.
- Open. What you see as code in this repository is what you get. The application itself, its infrastructure and deployments are open-source and automated thanks to bump-everywhere.
- Tested. A lot of tests. Automated and manual. Community-testing and verification. Stability improvements comes before new features.
- Extensible. Effortlessly extend scripts with a custom designed templating language.
- Portable and simple. Every script is independently executable without cross-dependencies.
Support
Sponsor 💕. Consider sponsoring on GitHub Sponsors, or you can donate using other ways such as crypto or a coffee.
Star 🤩. Feel free to give it a star ⭐ .
Contribute 👷. Contributions of any type are welcome. See CONTRIBUTING.md as the starting point. It includes useful information like how to add new scripts.
Development
Refer to development.md for Docker usage and reading more about setting up your development environment.
Check architecture.md for an overview of design and how different parts and layers work together. You can refer to application.md for a closer look at application layer codebase and presentation.md for code related to GUI layer. collection-files.md explains the YAML files that are the core of the application and templating.md documents how to use templating language in those files. In ci-cd.md, you can read more about the pipelines that automates maintenance tasks and ensures you get what see.
docs/ folder includes all other documentation.