MIRROR: javascript for 🐜's, a tiny runtime with big ambitions

add security policy and contributing guidelines

+127 -1
+73
CONTRIBUTING.md
··· 1 + # Contributing to Ant 2 + 3 + Thank you for your interest in contributing to Ant! This document provides guidelines for contributing. 4 + 5 + ## Getting Started 6 + 7 + ### Prerequisites 8 + 9 + - C compiler with C23 support (GCC 14+ or Clang 18+) 10 + - Meson build system 11 + - Git 12 + - OpenSSL 13 + - libSodium 14 + 15 + ### Building from Source 16 + 17 + ```bash 18 + git clone https://github.com/theMackabu/ant.git && cd ant 19 + 20 + meson subprojects download 21 + meson setup build 22 + meson compile -C build 23 + ``` 24 + 25 + ## How to Contribute 26 + 27 + ### Reporting Bugs 28 + 29 + 1. Check existing issues first 30 + 2. Include reproduction steps 31 + 3. Provide system info (OS, compiler version) 32 + 4. Include relevant error messages 33 + 34 + ### Suggesting Features 35 + 36 + 1. Open an issue with the `enhancement` label 37 + 2. Describe the use case 38 + 3. Provide examples if possible 39 + 40 + ### Pull Requests 41 + 42 + 1. Fork the repository 43 + 2. Create a feature branch (`git checkout -b feature/my-feature`) 44 + 3. Make your changes 45 + 4. Ensure tests pass 46 + 5. Submit a pull request 47 + 48 + ## Code Style 49 + 50 + - **C code**: GNU23 standard, 2-space indent, no trailing whitespace 51 + - **Naming**: `snake_case` for functions, `UPPERCASE` for macros 52 + - **Headers**: Local includes (`"..."`) before system includes (`<...>`) 53 + - **Comments**: Avoid unless code is complex 54 + 55 + ## Project Structure 56 + 57 + ``` 58 + src/ 59 + โ”œโ”€โ”€ cli/ # Command line interface helpers 60 + โ”œโ”€โ”€ core/ # Bundled snapshot code 61 + โ”œโ”€โ”€ modules/ # Built-in JS modules (fs, path, shell, etc.) 
62 + โ”œโ”€โ”€ esm/ # ES module system 63 + โ”œโ”€โ”€ pkg/ # Zig-based package manager 64 + include/ # C header files 65 + tests/ # JavaScript test files 66 + vendor/ # External dependencies 67 + ``` 68 + 69 + ## Testing 70 + 71 + - Add tests for new features in `tests/` 72 + - Run specific tests: `./build/ant tests/test_<name>.js` 73 + - Run `./build/ant examples/spec/run.js` to ensure nothing else broke
+11 -1
README.md
··· 16 16 curl -fsSL https://ant.themackabu.com/install | MBEDTLS=1 bash 17 17 ``` 18 18 19 - ## Build from source 19 + ### Building from Source 20 20 21 21 ```bash 22 + git clone https://github.com/theMackabu/ant.git && cd ant 23 + 22 24 meson subprojects download 23 25 meson setup build 24 26 meson compile -C build 25 27 ``` 28 + 29 + ### Security 30 + 31 + For information on reporting security vulnerabilities in Ant, see [SECURITY.md](SECURITY.md). 32 + 33 + ### Contributing to Ant 34 + 35 + We welcome contributions through pull request. See [CONTRIBUTING.md](CONTRIBUTING.md) for more details. 26 36 27 37 For more information about the internals, read the [ant deepwiki](https://deepwiki.com/theMackabu/ant).
+43
SECURITY.md
··· 1 + # Security Policy 2 + 3 + ## Supported Versions 4 + 5 + | Version | Supported | 6 + | -------- | --------- | 7 + | latest | โœ… | 8 + | pre v0.5 | โŒ | 9 + 10 + ## Reporting a Vulnerability 11 + 12 + If you discover a security vulnerability in Ant, please report it responsibly: 13 + 14 + 1. **Do not** open a public GitHub issue 15 + 2. Email security concerns to: **themackabu@gmail.com** 16 + 3. Include: 17 + - Description of the vulnerability 18 + - Steps to reproduce 19 + - Potential impact 20 + - Any suggested fixes (optional) 21 + 22 + ## Response Timeline 23 + 24 + - **Acknowledgment**: Within 12 hours 25 + - **Initial assessment**: Within 2 days 26 + - **Fix timeline**: Depends on severity (critical issues prioritized) 27 + 28 + ## Security Considerations 29 + 30 + Ant is a JavaScript runtime with system-level access. When using Ant: 31 + 32 + - **FFI**: The `ant:ffi` module provides direct memory access. Only load trusted native libraries. 33 + - **Shell execution**: The `ant:shell` module executes system commands. Sanitize all user input. 34 + - **URL imports**: Remote module imports execute code from external sources. Only import from trusted origins. 35 + - **File system**: The `ant:fs` module has full filesystem access. Validate paths carefully. 36 + 37 + ## Disclosure Policy 38 + 39 + Once a vulnerability is fixed, we will: 40 + 41 + 1. Release a patched version 42 + 2. Credit the reporter (if desired) 43 + 3. Publish a security advisory on GitHub
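Review bot: In CONTRIBUTING.md, the "Reporting Bugs" steps (lines 27-32) imply the issue tracker for every report and make no exception for vulnerabilities, which conflicts with the "**Do not** open a public GitHub issue" rule that SECURITY.md adds in this same commit. Add a line under "Reporting Bugs" that sends security reports to SECURITY.md instead. Separately, "Project Structure" lists `src/pkg/` as a Zig-based package manager and "Testing" runs `examples/spec/run.js`, but Zig is not in "Prerequisites" and `examples/` is not in the tree listing; add both or note why they are omitted.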
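Review bot: In README.md, demoting the build heading from `##` to `###` and adding "Security" and "Contributing to Ant" at the same `###` level nests all three under whichever `##` section precedes them, and the unchanged closing sentence about the ant deepwiki (new line 37) now reads as part of "Contributing to Ant". Consider keeping these as `##` sections and moving the deepwiki sentence above them or under its own heading. Minor wording: "through pull request" should be "through pull requests".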
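Review bot: In SECURITY.md, the "Supported Versions" table (lines 5-8) names only `latest` and `pre v0.5`, so the status of any release from v0.5 up to the one before the latest is undefined; state explicitly whether only the newest release receives fixes. The only reporting channel is a plain e-mail address with no end-to-end encrypted option; consider also enabling GitHub private vulnerability reporting, which fits the "Publish a security advisory on GitHub" step in the disclosure policy, or publishing a PGP key. "Security Considerations" would also benefit from saying which behaviours are by design (for example `ant:fs` having full filesystem access) so reporters know what counts as a vulnerability.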