openjs-foundation / security-collab-space

a repository for documenting and coordinating the foundation's security collaboration space
Apache License 2.0
24 stars 8 forks

Create a prescriptive best practices toolchain #45

Closed joesepi closed 1 year ago

joesepi commented 1 year ago

What should be included?

Discuss!

Related: #18

bensternthal commented 1 year ago

I am certainly not an SME on this subject but folks asked me to give this a shot. At a minimum perhaps this acts as a strawman that gets us to something we all agree on.

Problem Statement

Creating a secure JS project from scratch is hard and hard to do right.

A granular, templatized, and documented best practices toolchain would help JS developers spin up projects faster and help those projects be more secure.

Example

An example of a toolchain with an example project can be seen on MDN.

bensternthal commented 1 year ago

Next Steps!

  1. Create categories
  2. Decide on potential set of options for each
  3. Decide on recommendation for each category
  4. Bonus, create an example project that demonstrates usage

Note I added a doc we can use to suss out this work. Once we have something shareable, and ready for broader feedback we can add to Github.

bensternthal commented 1 year ago

Closed and superseded by https://github.com/openjs-foundation/security-collab-space/issues/78