chore: add codeowners & security doc (#475)

* add codeowners & security doc

* reformat security doc

* reformat security doc

.github/dependabot.yml

@@ -17,7 +17,7 @@ updates:
         update-types: [version-update:semver-major]
     commit-message:
       # Prefix all commit messages
-      prefix: plaform-sdk-deps
+      prefix: 'chore: '
     labels:
       - dependabot
       - dependencies

.github/pr-title-checker-config.json

@@ -0,0 +1,14 @@
+{
+  "LABEL": {
+    "name": "title needs adjustment",
+    "color": "EEEEEE"
+  },
+  "CHECKS": {
+    "regexp": "^(fix|feat|break|docs|chore|refactor|style|build|ci|revert|test)!?(\\(.*\\))?!?:.*"
+  },
+  "MESSAGES": {
+    "success": "PR title is valid",
+    "failure": "PR title is invalid",
+    "notice": "Title needs to pass regex '^(fix|feat|break|docs|chore|refactor|style|build|ci|revert|test)!?(\\(.*\\))?!?:.*"
+  }
+}

.github/workflows/version-or-publish.yml

@@ -34,7 +34,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - name: Download Artifacts 
+      - name: Download Artifacts
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
 
       - name: Checkout Repo
@@ -61,7 +61,7 @@ jobs:
         with:
           setupGitUser: false
           version: pnpm ci:version
-          title: "Update the version packages"
+          title: "ci: Update the version packages"
           publish: pnpm release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/version.yml

@@ -40,6 +40,6 @@ jobs:
         with:
           setupGitUser: false
           version: pnpm ci:version
-          title: "Update the version packages"
+          title: "ci: update the version packages"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

CODEOWNERS

@@ -0,0 +1,2 @@
+* @CoveMB @emnul @MCarlomagno @shahnami @tirumerla @zeljkoX
+SECURITY.md @emnul @MCarlomagno @tirumerla @zeljkoX

README.md

@@ -1,12 +1,11 @@
-# Defender V2 SDK Packages
+# <img src="logo.svg" alt="OpenZeppelin Defender V2 SDK Packages" height="40px">
 
 <!-- TODO: Confirm these are all populating with data -->
 
+[![NPM Package](https://img.shields.io/npm/v/@openzeppelin/defender-sdk.svg)](https://www.npmjs.org/package/@openzeppelin/defender-sdk)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/OpenZeppelin/defender-sdk/badge)](https://api.securityscorecards.dev/projects/github.com/OpenZeppelin/defender-sdk)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7782/badge)](https://www.bestpractices.dev/projects/7782)
 [![Scorecard supply-chain security](https://github.com/OpenZeppelin/defender-sdk/actions/workflows/scorecard.yml/badge.svg)](https://github.com/OpenZeppelin/defender-sdk/actions/workflows/scorecard.yml)
-[![Stable Git Release](https://github.com/OpenZeppelin/defender-sdk/actions/workflows/stable.yml/badge.svg)](https://github.com/OpenZeppelin/defender-sdk/actions/workflows/stable.yml)
-[![RC Git Release](https://github.com/OpenZeppelin/defender-sdk/actions/workflows/rc.yml/badge.svg)](https://github.com/OpenZeppelin/defender-sdk/actions/workflows/rc.yml)
 [![CI](https://github.com/OpenZeppelin/defender-sdk/actions/workflows/ci.yml/badge.svg)](https://github.com/OpenZeppelin/defender-sdk/actions/workflows/ci.yml)
 
 This monorepo contains individual OpenZeppelin Defender TypeScript clients and publishes the collection of clients as `@openzeppelin/defender-sdk`

SECURITY.md

@@ -0,0 +1,38 @@
+# Security Policy
+
+Security vulnerabilities should be disclosed to the [project maintainers](./CODEOWNERS), or alternatively by email to [email protected].
+
+## Supported Versions
+
+The following versions are currently supported and receive security updates.
+Release candidates will not receive security updates.
+
+Security patches will be released for the latest minor of a given major release. For example, if an issue is found in versions >=1.13.0 and the latest is 1.14.0, the patch will be released only in version 1.14.1.
+
+Only critical severity bug fixes will be backported to past major releases.
+
+| Version   | Supported          |
+| --------- | ------------------ |
+| >= 1.14.x | :white_check_mark: |
+| >= 1.13.x | :white_check_mark: |
+| <=1.12.x  | :x:                |
+
+## Reporting a Vulnerability
+
+We're extremely grateful for security researchers and users that report vulnerabilities to us.
+All reports are thoroughly investigated by the project's security team.
+
+Vulnerabilities are reported privately via GitHub's [Security Advisories](https://docs.github.com/en/code-security/security-advisories) feature.
+Please use the following link to submit your vulnerability: [Report a vulnerability](https://github.com/openzeppelin/defender-sdk/security/advisories/new)
+
+Please see
+[Privately reporting a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability)
+for more information on how to submit a vulnerability using GitHub's interface.
+
+We highly recommend installing the packages through npm and setting up vulnerability alerts such as [Dependabot].
+
+[Dependabot]: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security#what-is-dependabot
+
+## Legal
+
+Smart contracts are a nascent technology and carry a high level of technical risk and uncertainty. OpenZeppelin's Defender SDK is made available under the MIT License, which disclaims all warranties in relation to the project and which limits the liability of those that contribute and maintain the project, including OpenZeppelin. Your use of the project is also governed by the terms found at www.openzeppelin.com/tos (the "Terms"). As set out in the Terms, you are solely responsible for any use of OpenZeppelin Defender SDK and you assume all risks associated with any such use. This Security Policy in no way evidences or represents an on-going duty by any contributor, including OpenZeppelin, to correct any flaws or alert you to all or any of the potential risks of utilizing the project.

package.json

@@ -35,13 +35,13 @@
     "nx-build-test-skip-cache": "pnpm run build-test --skip-nx-cache",
     "nx-test-skip-cache": "pnpm run test --skip-nx-cache",
     "ci:version": "pnpm changeset version",
-    "sort:networks": "node hack/sortNetworks.js && prettier -w packages/base/src/utils/network*.ts",
+    "sort:networks": "node hack/sortNetworks.js && prettier -u -w packages/base/src/utils/network*.ts",
     "build": "nx run-many -t build --parallel=1",
     "build-test": "nx run-many -t style,build,test --projects=@openzeppelin/defender-base-client,*  --parallel=false",
     "lint:check": "eslint 'packages/**/src/**/*.{js,ts}' --quiet",
     "lint:fix": "pnpm prettier:fix && pnpm lint:check && pnpm prettier:check",
-    "prettier:check": "prettier --check '**/*.{js,ts,tsx}' '!**/.nx/**'",
-    "prettier:fix": "prettier --write . '!**/.nx/**'",
+    "prettier:check": "prettier -u --check '**/*.{js,ts,tsx,md}' '!**/.nx/**'",
+    "prettier:fix": "prettier -u --write '**/*.{js,ts,tsx,md}' '!**/.nx/**'",
     "test": "nx run-many -t test --parallel=1",
     "build:changed": "nx affected:build --base=origin/main --skip-nx-cache --parallel=1",
     "test:changed": "nx affected:test --base=origin/main --skip-nx-cache --parallel=1",