npm.io
1.1.3 • Published 2 months ago

@verii/verii-issuing

Licence
Apache-2.0
Version
1.1.3
Deps
11
Size
64 kB
Vulns
0
Weekly
0
Stars
4

Verii Monorepo

Github CI Vulnerabilities Dependency License Check

Contains Verii's Core Components

  • Common modules
  • Registrar endpoints
  • Credential agent
  • Mock vendor

Development

pnpm install
pnpm build
pnpm test
pnpm lint

Security Resolutions

  • Prefer the narrowest possible resolutions entry for transitive security fixes.
  • Scope overrides to the affected parent chain when feasible, such as hardhat/mocha/serialize-javascript for Hardhat-only remediation.
  • Document each temporary resolution in package.json with the advisory or alert reference and the condition for removal.
  • Remove the resolution once the upstream dependency path resolves the patched version without the override.

Package Publishing

  • Package publishing is handled by Nx Release and GitHub Actions.
  • Release groups are configured in nx.json.
  • Next-minor prerelease builds publish automatically from main with the npm prerelease dist-tag.
  • Release PRs are prepared by .github/workflows/prepare-release.workflow.yml from selected groups and a semver bump.
  • Production release notes are checked in under .github/releases/<group>-vX.Y.Z.md.
  • Manual prerelease and production exact-version publishes run through .github/workflows/publish-packages.workflow.yml.
  • See RELEASING.md for release groups, release bumps, and promotion policy.