Skip to content

Latest commit

 

History

History
238 lines (178 loc) · 5.92 KB

File metadata and controls

238 lines (178 loc) · 5.92 KB

Contributing to Developer License Detector

Thank you for your interest in contributing! This document provides guidelines for contributing to the project.

🤝 How to Contribute

Reporting Bugs

  1. Check if the bug has already been reported in Issues
  2. If not, create a new issue with:
    • Clear, descriptive title
    • Steps to reproduce
    • Expected vs actual behavior
    • Chrome version and extension version
    • Screenshots if applicable

Suggesting Enhancements

  1. Check Discussions for similar suggestions
  2. Create a new discussion or issue describing:
    • The problem you're trying to solve
    • Your proposed solution
    • Any alternatives you've considered
    • Potential implementation challenges

Pull Requests

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature/amazing-feature
  3. Make your changes following our code style
  4. Test thoroughly on multiple websites
  5. Commit with clear messages: git commit -m "Add: Support for Yarn lock files"
  6. Push to your fork: git push origin feature/amazing-feature
  7. Open a Pull Request with:
    • Description of changes
    • Related issue number
    • Testing performed
    • Screenshots if UI changes

📝 Code Style Guidelines

JavaScript

  • Use ES6+ features where appropriate
  • No semicolons (ASI)
  • 2 spaces for indentation
  • Use const by default, let when needed, avoid var
  • Meaningful variable names (no single letters except in loops)
// Good
const detectedLibraries = detectFromScriptTags()
const libraryCount = detectedLibraries.length

// Avoid
var x = detectFromScriptTags()
let c = x.length

Documentation

  • Add JSDoc comments to all functions
  • Include SPDX license header in all source files
  • Document parameters, return values, and side effects
/**
 * SPDX-License-Identifier: GPL-3.0
 * 
 * Detect libraries from script tags
 * @param {boolean} includeInline - Whether to include inline scripts
 * @returns {Array<Object>} - Array of detected libraries
 */
function detectFromScriptTags(includeInline = true) {
  // Implementation
}

File Organization

  • One module per file
  • Group related functionality
  • Clear, descriptive filenames
  • Keep files under 500 lines when possible

🧪 Testing

Manual Testing Checklist

Before submitting a PR, test on these sites:

Test Cases to Verify

  • Libraries detected correctly
  • Versions extracted when available
  • Licenses identified (check accuracy)
  • Risk levels calculated properly
  • UI displays data correctly
  • Export function works
  • Settings persist correctly

🎯 Areas That Need Help

High Priority

  1. Icon Design: Create professional icons for the extension
  2. Testing Framework: Set up automated testing
  3. More Libraries: Add to known-libraries.json
  4. License Patterns: Improve detection accuracy

Medium Priority

  1. UI/UX Improvements: Better visualizations
  2. Accessibility: ARIA labels, keyboard navigation
  3. Documentation: More examples and tutorials
  4. Performance: Optimize for large pages

Low Priority

  1. i18n Support: Internationalization
  2. Themes: Light theme option
  3. Settings Page: Advanced configuration
  4. Statistics: Usage analytics (local only)

📦 Adding New Libraries

To add support for a new library to the known libraries database:

  1. Open data/known-libraries.json
  2. Add an entry following this format:
{
  "library-name": {
    "patterns": ["library.js", "library.min.js"],
    "globalObjects": ["LibraryName"],
    "license": "MIT",
    "url": "https://library-website.com"
  }
}
  1. Test detection on a page using that library
  2. Submit PR with test results

🔍 Adding License Patterns

To improve license detection:

  1. Open data/licenses/license-fingerprints.json
  2. Add patterns for the license:
{
  "licenseId": "BSD-3-Clause",
  "patterns": [
    "redistributions must retain",
    "neither the name of"
  ],
  "keywords": ["BSD", "3-Clause"]
}
  1. Test on files with that license
  2. Verify no false positives
  3. Submit PR with examples

🔐 Security

Reporting Security Issues

DO NOT open public issues for security vulnerabilities.

Email security concerns to: security@example.com

Include:

  • Description of vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Security Best Practices

  • Never execute remote code
  • Validate all inputs
  • Sanitize HTML output (XSS prevention)
  • Minimize permissions requested
  • No external API calls
  • Review third-party dependencies carefully

📄 License

By contributing, you agree that your contributions will be licensed under the GPL-3.0 License.

All contributions must include the SPDX header:

/**
 * SPDX-License-Identifier: GPL-3.0
 */

💬 Communication

  • GitHub Issues: Bug reports and feature requests
  • GitHub Discussions: General questions and ideas
  • Pull Requests: Code contributions
  • Email: For private matters only

✅ Checklist Before Submitting

  • Code follows style guidelines
  • JSDoc comments added
  • SPDX header included
  • Tested on multiple websites
  • No console errors
  • Updated documentation if needed
  • PR description is clear
  • Linked to related issue

🎉 Recognition

All contributors will be:

  • Listed in a CONTRIBUTORS.md file
  • Mentioned in release notes
  • Credited in the extension description (if desired)

Thank you for making Developer License Detector better! 🙏