Skip to content

Commit

Permalink
Move new contrib docs (#18041) (#19117)
Browse files Browse the repository at this point in the history 
* Move new contrib docs (#18041)

* Move new contrib docs

* underscores

* renaming

* removing redirect about

* creating moving

* experimental

* does belong

* editorial

* code style guide

* writing style guide

* howto and seo

* related_criteria for inclusion

* file rename, link update

* Updated Syntax for fetch-related pages (#17914)

* Updated Syntax

* port changes

Co-authored-by: Joshua Chen <sidachen2003@gmail.com>

* Fix wrong example quote (#18458)

* Unshorten code in method definition (#18457)

* fixes #18444

* Update index.md

Co-authored-by: Joshua Chen <sidachen2003@gmail.com>

* fix: correct the language of code examples (#18455)

* Add `const` var declaration to FileSystemFileHandle sample code  (#17930)

* Add `const` var declaration

* Update index.md

* Update index.md

Co-authored-by: Joshua Chen <sidachen2003@gmail.com>

* Update dom-examples links (#18462)

* MediaRecorder: Update dom-examples links (#18464)

* Update dom-example link (#18465)

* update a broken link (#18466)

* remove a broken link (#18467)

* Update a broken link (#18468)

* Fixes broken live sample (#18456)

* Intl.NumberFormat - flyby fixes (#18258)

* Fix `channelCount` semantics in `MediaStreamAudioSourceNode`. (#18472)

* Fix `channelCount` semantics.

This sparked confusion, e.g. in WebAudio/web-audio-api#2496.

Source: I am this specification's editor.

* Fix markup.

* Fix parenthesis

* Fix `channelCount` semantics. (#18473)

* Fix `channelCount` semantics.

This sparked confusion, e.g. in WebAudio/web-audio-api#2496.

Source: I am this specification's editor.

* Fix markup.

* Fix parenthesis

* Remove a few pointless references to internal slots (#18461)

* Remove a few pointless references to internal slots

* Update index.md

* Apply suggestions from code review

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* simplify description

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Fix syntax errors (#18475)

* Fix syntax error

Reported in https://github.com/orgs/mdn/discussions/158 (PR11)
The macro just prints `Deprected` on the next line.

* Fix in blobbuilder

* Remove js annotation for webidl blocks

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* fix: syntax errors in JS example sections (v5) (#18442)

* syntax fixes

* fix remaining syntax errors

* Adapt syntax box

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Use diff instead of js to mark a diff block (#18477)

* Update good vs bad example

* fix a typo

* marking it as diff

* Bump @mdn/yari from 1.10.0 to 1.10.2 (#18479)

* Correct a few usage of internal methods (#18476)

* Change 'nodes' link to link directly to DOM nodes (#18480)

The link to DOM 'nodes' currently links to the 'nodes' glossary page. I changed the link to DOM 'nodes' to directly link to the DOM nodes page.

* Shorten Global object glossary entry (#18474)

* FF103 Native Error types are serializable (#18384)

* FF104 Native Error types are serializable

* Fix error - this is in FF103, not 104

* Update files/en-us/web/api/web_workers_api/structured_clone_algorithm/index.md

Co-authored-by: Joshua Chen <sidachen2003@gmail.com>

* Remove stack info from release note

* Update files/en-us/mozilla/firefox/releases/103/index.md

Co-authored-by: Joshua Chen <sidachen2003@gmail.com>

* Demix invalid event from GlobalEventHandlers (#18451)

* Demix slotchange from GlobalEventHandlers (#18225)

* fix: various typos (#18483)

* Fix typo (#18486)

Remove stray 'a' in "contain a separator characters like the following" -> "contain separator characters like the following"

* Fix link text (#18488)

* Add missing period (#18487)

* fix broken link (#18490)

* Remove continuity descriptions from `steps(...)` (#18482)

As per the spec (https://drafts.csswg.org/css-easing/#step-easing-functions), Figure 5, all step functions are right-continuous (i.e. You'd encounter solid dots approaching discontinuity from the right side). The `direction` keyword should strictly describe when the jumps (i.e. discontinuities) happen.

* OpenType guide: font-variant-position is not mutually exclusive with <sup>/<sub> (#18459)

Thank you!

* Fix links for other references (#18501)

* update a broken link (#18500)

* Comment out ellipsis in code blocks (#18496)

* Comment out ellipsis in code blocks (#18498)

* Comment out ellipsis in code blocks (#18497)

* Elaborate on destructuring assignment (#18495)

* Elaborate on destructuring assignment

* add headings

* Mark kumascript code blocks js -> plain (#18493)

* remove a broken link (#18499)

* remove a broken link

* Apply suggestions from code review

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Demix pointer capture events from GlobalEventHandlers (#18450)

* Demix pointer capture events from GlobalEventHandlers

* Update files/en-us/web/api/element/lostpointercapture_event/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Add event properties section (still seems redundant...)

* Add additional event properties section

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Improvements to a few Number APIs (#18502)

* Minor spread syntax rewrite (#18503)

* Minor spread syntax rewrite

* Update files/en-us/web/javascript/reference/operators/spread_syntax/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Window.open() rework (#18118)

* first pass linting: remove xref macros, fix examples, fix code words

* 2nd pass: remove broken/insecure links, fix remaining typos

* Third pass - rework

* fix flaws

* Apply 1st set of suggestions

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Taking @teoli2003 review into account

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Fix broken block code in `Bracket notation` section (#18507)

Add three missing backticks at ending of block code

* Fix typo (#18508)

* Fix missing parenthesis (#18509)

* Mention string iteration goes by Unicode characters (#18504)

* Mention string iteration goes by Unicode characters

* add a flag example

* Fix "repository of wavetables" text's broken link (#18510)

* Add TBD content to files frontmatter and macros

* Add TBD content to more empty files

* TBD content

* Add missing front matter data to files

* Fix slug

* Fix slugs

* fix remaining writing guideline docs

Co-authored-by: Ruth John <rumyra@gmail.com>
Co-authored-by: Prajwal Borkar <sunnyborkar7777@gmail.com>
Co-authored-by: Joshua Chen <sidachen2003@gmail.com>
Co-authored-by: Davide Briano <36935593+buondevid@users.noreply.github.com>
Co-authored-by: Xavi Lee <awxiaoxian2020@163.com>
Co-authored-by: A1lo <yin199909@aliyun.com>
Co-authored-by: Zhang Yi Jiang <mediumdeviation@gmail.com>
Co-authored-by: Onkar Ruikar <87750369+OnkarRuikar@users.noreply.github.com>
Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
Co-authored-by: Paul Adenot <paul@paul.cx>
Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>
Co-authored-by: Lion Ralfs <lion.ralfs@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: simonvarey <88859869+simonvarey@users.noreply.github.com>
Co-authored-by: Queen Vinyl Da.i'gyu-Kazotetsu <vinyldarkscratch@gmail.com>
Co-authored-by: Nick Schonning <nschonni@gmail.com>
Co-authored-by: kokke <spam@rowdy.dk>
Co-authored-by: de-oz <101826623+de-oz@users.noreply.github.com>
Co-authored-by: Christopher Dignam <christopher.dignam@segment.com>
Co-authored-by: dshin-moz <102040459+dshin-moz@users.noreply.github.com>
Co-authored-by: J. S. Choi <jschoi@jschoi.org>
Co-authored-by: Masahiro FUJIMOTO <mfujimot@gmail.com>
Co-authored-by: SphinxKnight <SphinxKnight@users.noreply.github.com>
Co-authored-by: Minh-Thuan Nguyen <nmthuan.nmt@gmail.com>
Co-authored-by: Remco van 't Veer <remco@remworks.net>
Co-authored-by: Jeremy Pearson <jeremy.pearson.dev@gmail.com>
Co-authored-by: Schalk Neethling <schalk.neethling@mechanical-ink.co.za>

* Page structures (#18644)

Co-authored-by: Schalk Neethling <schalk.neethling@mechanical-ink.co.za>

* docs: community docs (#18787)

* docs: community docs

Adds community docs to the `mdn` folder

* Update files/en-us/mdn/community/contributing/getting-started/index.md

* updating folder names

Co-authored-by: Ruth John <Rumyra@users.noreply.github.com>
Co-authored-by: Ruth John <rumyra@gmail.com>

* Contrib docs readthrough part 1 (#18994)

* test change

* Readthrough of contrib docs part1

* Move folders to howto and remove the duplicate inclusion_criteria (#19020)

* Readthrough of contrib docs part2 (#19036)

* chore: delete and redirect community docs (#19069)

Deletes older documents and adds redirects to the new community docs.

* adding sidebar for community docs (#19112)

* adding sidebar for community docs

* Update files/en-us/mdn/community/contributing/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/contributing/our_repositories/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/contributing/security_vulnerability_response/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/contributing/translated_content/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/discussions/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/issues/content_suggestions_feature_proposals/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/pull_requests/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/index.md

Co-authored-by: Gabe <66077254+MrBrain295@users.noreply.github.com>

* Update files/en-us/mdn/writing_guidelines/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/users_teams/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/contributing/getting_started/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/issues/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/mdn_content/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/learn_forum/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/mdn_content/pull_requests/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/mdn_content/issues/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

* Update files/en-us/mdn/community/open_source_etiquette/index.md

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>

Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>
Co-authored-by: Gabe <66077254+MrBrain295@users.noreply.github.com>

* fix macros redirect

* fix macros redirect

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

* fix redirects

Co-authored-by: Dipika Bhattacharya <dipika@foss-community.org>
Co-authored-by: Ruth John <rumyra@gmail.com>
Co-authored-by: Prajwal Borkar <sunnyborkar7777@gmail.com>
Co-authored-by: Joshua Chen <sidachen2003@gmail.com>
Co-authored-by: Davide Briano <36935593+buondevid@users.noreply.github.com>
Co-authored-by: Xavi Lee <awxiaoxian2020@163.com>
Co-authored-by: A1lo <yin199909@aliyun.com>
Co-authored-by: Zhang Yi Jiang <mediumdeviation@gmail.com>
Co-authored-by: Onkar Ruikar <87750369+OnkarRuikar@users.noreply.github.com>
Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
Co-authored-by: Paul Adenot <paul@paul.cx>
Co-authored-by: Jean-Yves Perrier <jypenator@gmail.com>
Co-authored-by: Lion Ralfs <lion.ralfs@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: simonvarey <88859869+simonvarey@users.noreply.github.com>
Co-authored-by: Queen Vinyl Da.i'gyu-Kazotetsu <vinyldarkscratch@gmail.com>
Co-authored-by: Nick Schonning <nschonni@gmail.com>
Co-authored-by: kokke <spam@rowdy.dk>
Co-authored-by: de-oz <101826623+de-oz@users.noreply.github.com>
Co-authored-by: Christopher Dignam <christopher.dignam@segment.com>
Co-authored-by: dshin-moz <102040459+dshin-moz@users.noreply.github.com>
Co-authored-by: J. S. Choi <jschoi@jschoi.org>
Co-authored-by: Masahiro FUJIMOTO <mfujimot@gmail.com>
Co-authored-by: SphinxKnight <SphinxKnight@users.noreply.github.com>
Co-authored-by: Minh-Thuan Nguyen <nmthuan.nmt@gmail.com>
Co-authored-by: Remco van 't Veer <remco@remworks.net>
Co-authored-by: Jeremy Pearson <jeremy.pearson.dev@gmail.com>
Co-authored-by: Ruth John <Rumyra@users.noreply.github.com>
Co-authored-by: Gabe <66077254+MrBrain295@users.noreply.github.com>
  • Loading branch information
@dipikabh @Rumyra
@PrajwalBorkar @Josh-Cena @buondevid @awxiaoxian2020 @yin1999 @ZhangYiJiang @OnkarRuikar @hamishwillee @padenot @teoli2003 @lionralfs @dependabot @simonvarey @queengooborg @nschonni @kokke @de-oz @cdignam-segment @dshin-moz @js-choi @mfuji09 @SphinxKnight @nmthuan1405 @remvee @jeremypearson @MrBrain295
30 people committed Aug 3, 2022
1 parent f0654ff commit 1c5c86c
Show file tree
Hide file tree
Showing 110 changed files with 4,608 additions and 5,396 deletions.
257 changes: 164 additions & 93 deletions files/en-us/_redirects.txt
View file

Large diffs are not rendered by default.

1,283 changes: 244 additions & 1,039 deletions files/en-us/_wikihistory.json
View file

Large diffs are not rendered by default.

67 changes: 0 additions & 67 deletions files/en-us/mdn/about/index.md
View file

This file was deleted.

54 changes: 54 additions & 0 deletions files/en-us/mdn/community/contributing/getting_started/index.md
View file
@@ -0,0 +1,54 @@
---
title: Getting started with MDN Web Docs
slug: MDN/Community/Contributing/Getting_started
page-type: mdn-community-guide
tags:
- meta
- community-guidelines
- governance
---
{{MDNSidebar}}

We are an open community of developers, technical writers, and learners building resources for a better Web, regardless of brand, browser, or platform. Anyone can contribute, and each person who does contribute makes us stronger. Together we can continue to drive innovation on the Web to serve the greater good. It starts here, with you.

[Join us!](https://github.com/mdn/mdn-community/)

## What can I do to help?

There are multiple avenues you can take to contribute to MDN, depending on your skill set and interests. Therefore, along with each task, we provide a short description and an approximate time each type of task typically takes.

> If unsure what to do, you are always welcome to [ask for help](https://github.com/mdn/mdn-community/).
> Also note that our small, but mighty docs team maintains this repo, to preserve our bandwidth, off topic conversations will be closed.
## Primary contribution types

We have created a [contributors task board](https://github.com/orgs/mdn/projects/25/views/1) to help you find contribution opportunities that will meaningfully impact the project. The board has an overview and separate views for specific contribution types.

### Getting ready to contribute

To contribute, you will need a GitHub account. If you do not already have one, go ahead and [sign up](https://github.com/signup) for an account before continuing. If you are new to GitHub, we encourage you to take the following free, self-paced courses and reading material offered by GitHub. With this knowledge, you can focus on your contributions and not learn a new tool at the same time.

> NOTE: Do not feel overwhelmed or like you have to read through and complete _all_ of the course work. With the knowledge gained from the "Introduction to GitHub" course, you will be well on your way.
- [Introduction to GitHub](https://github.com/skills/introduction-to-github)
- [Setting up Git](https://docs.github.com/en/get-started/quickstart/set-up-git)
- [GitHub workflow](https://docs.github.com/en/get-started/quickstart/github-flow)
- [Using Markdown](https://github.com/skills/communicate-using-markdown)

### Additional reading and learning material

- [Basic etiquette for open source projects](/en_US/docs/MDN/Community/Open_source_etiquette): If you've never contributed to an open source project before, we encourage you to read this document.
- [Learn web development](https://developer.mozilla.org/docs/Learn): If you are new to HTML, CSS, JavaScript, we have some great content to help you get started.
- [Deep dive into collaborating with pull requests](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests)

Some writing-specific contribution opportunities will require a reasonable understanding of the English language. That said, do not let perfect be the enemy of “good enough.” Even if your grammar isn’t good, don’t worry about it! We have a team of people who aim to ensure that MDN’s contents are as good as possible. In addition, someone will be along to ensure your work is tidy and well-written.

Once you’ve decided what kind of task you want to work on, it is time to head over to the [contributors task board](https://github.com/orgs/mdn/projects/25/views/1), pick an issue, and let us know by commenting on the issue and tagging the `@mdn/mdn-community-engagement` team. Someone from the team will respond and assign the issue to you.

This ensures that two people do not work on the same issue, and you will know who to contact should you get stuck.

### Contributions

When contributing, you agree to make your contributions available under the [Attribution-ShareAlike license](https://creativecommons.org/licenses/by-sa/4.0/) (or an alternative license already specified by the page you are editing). In addition, code samples are available under [Creative Commons CC-0](https://creativecommons.org/share-your-work/public-domain/cc0/) (a Public Domain dedication).

> If you have any questions or concerns about anything discussed here, please [open a discussion](https://github.com/mdn/mdn-community/discussions/categories/content) and let us know.
15 changes: 15 additions & 0 deletions files/en-us/mdn/community/contributing/index.md
View file
@@ -0,0 +1,15 @@
---
title: Contributing to MDN Web Docs
slug: MDN/Community/Contributing
page-type: mdn-community-guide
tags:
- meta
- community-guidelines
- governance
---
{{MDNSidebar}}

- [Getting started](/en-US/docs/MDN/Community/Contributing/Getting-Started)
- [Our repositories](/en-US/docs/MDN/Community/Contributing/Our_repositories)
- [Translated content](/en-US/docs/MDN/Community/Contributing/Translated_content)
- [Security vulnerability response](/en-US/docs/MDN/Community/Contributing/Security_vulnerability_response)
85 changes: 85 additions & 0 deletions files/en-us/mdn/community/contributing/our_repositories/index.md
View file
@@ -0,0 +1,85 @@
---
title: MDN Web Docs Repositories
slug: MDN/Community/Contributing/Our_repositories
page-type: mdn-community-guide
tags:
- meta
- community-guidelines
- governance
---
{{MDNSidebar}}

[MDN Web Docs](https://developer.mozilla.org) is a complex project with lots of moving parts. It's a good idea to get familiar with the projects different repositories. This document intends to help you find the different repositories (repos) you may need when contributing to different parts of the MDN Web Docs project.

## Repository tiers

### Tier 1

Code in these repositories are core to the MDN Web Docs project and runs on https://developer.mozilla.org, or another Mozilla owned domain.

- [mdn/content](https://github.com/mdn/content)
- [Yari](https://github.com/mdn/yari)
- [rumba](https://github.com/mdn/rumba)
- [browser-compat-data](https://github.com/mdn/browser-compat-data)
- [interactive-examples](https://github.com/mdn/interactive-examples)
- [bob](https://github.com/mdn/bob)

A Tier 1 project should have at least 3 members, including at least two with admin permissions.

### Tier 2

These repositories are mainly concentrated on supporting content such as code examples, the MDN Web Docs learn area, localisation, and examples projects. Examples include:

- [dom-examples](https://github.com/mdn/dom-examples)
- [translated-content](https://github.com/mdn/translated-content)
- [learning-area](https://github.com/mdn/learning-area)

A Tier 2 project should have at least 2 members, including at least one with admin permissions.

### Tier 3

These are repository used for project planning, documenting the project itself, and community engagement. Examples include:

- [mdn-community](https://github.com/mdn/mdn-community)
- [mdn/mdn](https://github.com/mdn/mdn)
- [content-team-projects](https://github.com/mdn/content-team-projects).

A Tier 3 project needs 1 admin.

## Core repos

- **Core content**: <https://github.com/mdn/content>. The most important repo for MDN Web Docs content — this is where all the core English content of the site is stored, and where you'll make all standard changes to page content.
- **MDN Web Docs Platform**: <https://github.com/mdn/yari>. This is where the MDN Web Docs platform is stored, and where you'll go if you want to make changes to our high level page structure or rendering machinery.
- **Browser compatibility data**: <https://github.com/mdn/browser-compat-data>. This is where the data used to generate the browser compatibility tables found on our reference pages is stored ([example](/en-US/docs/Web/HTML/Element/progress#browser_compatibility)). If you have information about browser compatibility of Web features — or are willing and able to do some research and/or experimentation — you can help update MDN's [Browser Compatibility Data](https://github.com/mdn/browser-compat-data/blob/main/docs/contributing.md)
- **Interactive examples**: <https://github.com/mdn/interactive-examples>. This repo stores the example code blocks that are found at the top of many of our reference pages ([example](/en-US/docs/Web/JavaScript/Reference/Global_Objects/globalThis)). Edit those examples here.
- **Bob** aka Builder of Bits: <https://github.com/mdn/bob>
This repo stores the rendering code that produce the nice editable, copyable examples found at the top of many of our reference pages ([example](/en-US/docs/Web/JavaScript/Reference/Global_Objects/globalThis)).
- **Translated content**: <https://github.com/mdn/translated-content>. This is where localized content lives. Go here if you want to help translate pages into any of our [actively maintained locales](https://github.com/mdn/translated-content#locales).
- **Workflows**: <https://github.com/mdn/workflows>
A growing collection of reusable GitHub Actions for use on MDN Web Docs repositories.

## Code example

### Code examples and demos

[//]: # "TODO: UPDATE WITH REPO TRIAGE"

The MDN Web Docs GitHub org contains a huge number of example repos. These generally contain free-standing code examples that are often linked to from our pages, but occasionally you’ll find one of these examples embedded into a page using a macro call like this — `{{EmbedGHLiveSample("css-examples/learn/tasks/grid/grid1.html", '100%', 700)}}`.

Always remember, if you are updating the code on any given page, you'll need to update the corresponding example repo as well.

- [**dom-examples**](https://github.com/mdn/dom-examples)
- [**css-examples**](https://github.com/mdn/css-examples)
- [**webaudio-examples**](https://github.com/mdn/webaudio-examples)
- [**webassembly-examples**](https://github.com/mdn/webassembly-examples)
- [**indexeddb-examples**](https://github.com/mdn/indexeddb-examples)
- [**js-examples**](https://github.com/mdn/js-examples)
- [**html-examples**](https://github.com/mdn/html-examples)
- [**web-components-examples**](https://github.com/mdn/web-components-examples)
- [**webextension-examples**](https://github.com/mdn/webextensions-examples)
- [**webgl-examples**](https://github.com/mdn/webgl-examples)
- [**pwa-examples**](https://github.com/mdn/pwa-examples)
- [**houdini-examples**](https://github.com/mdn/houdini-examples)
- [**headless-examples**](https://github.com/mdn/headless-examples)
- [**perf-examples**](https://github.com/mdn/perf-examples)
- [**devtools-examples**](https://github.com/mdn/devtools-examples)
42 changes: 42 additions & 0 deletions files/en-us/mdn/community/contributing/security_vulnerability_response/index.md
View file
@@ -0,0 +1,42 @@
---
title: Security Vulnerability Response Steps
slug: MDN/Community/Contributing/Security_vulnerability_response
page-type: mdn-community-guide
tags:
- meta
- community-guidelines
- governance
---
{{MDNSidebar}}

## A little history

On ~27 November 2018 an NPM security vulnerability was announced for all users that depend, either directly or indirectly, on the [event-stream](https://snyk.io/blog/malicious-code-found-in-npm-package-event-stream) package. It was a very targeted attack, that only activated if the Copay bitcoin wallet was installed, whereupon it tried to steal the contents.

Two of our projects, namely [interactive-examples](https://github.com/mdn/interactive-examples/) and [BoB](https://github.com/mdn/bob/), depend on an NPM package called [npm-run-all](https://www.npmjs.com/package/npm-run-all), which in turn depended on the event-stream package.

This meant that not only was staff at risk, but people who have forked either of these repositories might have been affected as well. Thankfully the maintainers of the affected package reacted swiftly and released an update to address the issue. Because we have the [Renovate bot](https://github.com/marketplace/renovate) running against these repositories, there was a [pull request](https://github.com/mdn/interactive-examples/pull/1239/) ready to merge.

This only resolved one part of the problem though. Our users still needed to be notified.

## Steps taken

The community for especially the interactive-examples project was rather large, and not everyone active, but we still needed a way to reach out to everyone. The first step was then to open an issue against each of the repositories detailing the problem:

- [interactive-examples](https://github.com/mdn/interactive-examples/issues/1242)
- [bob](https://github.com/mdn/bob/issues/184)

That by itself is not enough as users do not necessarily actively monitor issues. We therefore, needed to look at all of the forks of the project, for example: https://github.com/mdn/interactive-examples/network/members

We then copied all of the usernames for these users and pinged them on the above issue, for example: https://github.com/mdn/interactive-examples/issues/1242#issuecomment-442110598

This was very effective from the response we received in the issue, but we could not leave it there. The next step was to post a comment on each of the open pull requests informing the user of the problem, and what their next steps should be:
https://github.com/mdn/interactive-examples/pull/1144

With this, we felt rather confident that between us reaching out, and coverage of the issue online by NPM and other channels, would ensure that we ensured our users are safe.

As a final step, @schalkneethling posted a message on Twitter which was in turn retweeted by the [MDN Web Docs Twitter account](https://twitter.com/schalkneethling/status/1067436637385179136).

### In closing

Hopefully, these types of incidents will be few and far between. Should this happen again however, the above provides a solid guideline on how to respond.

0 comments on commit 1c5c86c

Please sign in to comment.