From d0fb1c6119b6f84ae4cd74fbeccb4ef90199c27d Mon Sep 17 00:00:00 2001 From: Tim Golen Date: Tue, 7 Nov 2023 14:40:10 -0700 Subject: [PATCH 1/3] Add a new template for requesting a library to be added in package.json --- .github/ISSUE_TEMPLATE/NewLibraryRequest.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/NewLibraryRequest.md diff --git a/.github/ISSUE_TEMPLATE/NewLibraryRequest.md b/.github/ISSUE_TEMPLATE/NewLibraryRequest.md new file mode 100644 index 000000000000..aa7eb7dc4de2 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/NewLibraryRequest.md @@ -0,0 +1,19 @@ +--- +name: New Library Request +about: Use this when you want to propose adding a new library to package.json (dev-dependencies excluded) +labels: Weekly, AutoAssignerAppLibReview +--- +In order to properly evaluate if a new library can be added to `package.json`, please fill out this request form. It will be automatically assigned someone from our review team that will go through and vet the library. + +Note: This is only for production dependencies. While we don't want people to add packages to dev-dependencies willy-nilly, we recognize that there isn't as great of a need there to secure them. + +# Name of library: + +## Details +- Link to package: +- Problem solved by using this package: +- Number of stars in GH: +- Number of monthly downloads: +- Number of releases in the last year: +- Level of activity in the repo: +- Alternatives: From 637f822dc15718600bb7dc41666823b073e712e9 Mon Sep 17 00:00:00 2001 From: Tim Golen Date: Tue, 7 Nov 2023 14:43:36 -0700 Subject: [PATCH 2/3] Add a few more items to the template --- .github/ISSUE_TEMPLATE/NewLibraryRequest.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/NewLibraryRequest.md b/.github/ISSUE_TEMPLATE/NewLibraryRequest.md index aa7eb7dc4de2..c986512ce43c 100644 --- a/.github/ISSUE_TEMPLATE/NewLibraryRequest.md +++ b/.github/ISSUE_TEMPLATE/NewLibraryRequest.md 
@@ -17,3 +17,6 @@ Note: This is only for production dependencies. While we don't want people to ad - Number of releases in the last year: - Level of activity in the repo: - Alternatives: +- Are security concerns brought up and addressed in the library's repo? +- How many dependencies does this lib use that will be brought into our code? +- What will the effect be on the bundle size of our code? From 6c12150c1110973160f895c63baaced028eb610a Mon Sep 17 00:00:00 2001 From: Tim Golen Date: Tue, 7 Nov 2023 15:18:34 -0700 Subject: [PATCH 3/3] Change label --- .github/ISSUE_TEMPLATE/NewLibraryRequest.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/NewLibraryRequest.md b/.github/ISSUE_TEMPLATE/NewLibraryRequest.md index c986512ce43c..83397d812780 100644 --- a/.github/ISSUE_TEMPLATE/NewLibraryRequest.md +++ b/.github/ISSUE_TEMPLATE/NewLibraryRequest.md @@ -1,7 +1,7 @@ --- name: New Library Request about: Use this when you want to propose adding a new library to package.json (dev-dependencies excluded) -labels: Weekly, AutoAssignerAppLibReview +labels: Weekly, AutoAssignerAppLibraryReview --- In order to properly evaluate if a new library can be added to `package.json`, please fill out this request form. It will be automatically assigned someone from our review team that will go through and vet the library.
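Review bot: In [PATCH 1/3], the "Note:" paragraph of NewLibraryRequest.md limits the review to production dependencies because "there isn't as great of a need there to secure them", but it does not say what a contributor should do when adding a dev-dependency. Dev-dependencies still execute on developer machines and in CI during install and build, so I suggest adding one sentence that states the expected process for them (for example, normal PR review). The Details list also asks for "Link to package:" but not the version being requested or its license; adding those two fields would let the reviewer vet a specific release. Minor: "It will be automatically assigned someone" reads better as "It will be automatically assigned to someone".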
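Review bot: In [PATCH 2/3], the added line "Are security concerns brought up and addressed in the library's repo?" can be answered with a bare "yes", which gives the reviewer nothing to verify. I suggest asking for evidence instead, e.g. "- Links to the library's security policy and recent security-related issues:". The next added line, "How many dependencies does this lib use", does not say whether it means direct or transitive dependencies, and the two counts can differ widely for what gets "brought into our code". The three new items are also phrased as questions while the existing bullets use the "Label:" form; matching that form keeps the template consistent.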
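Review bot: In [PATCH 3/3], the label changes from "AutoAssignerAppLibReview" to "AutoAssignerAppLibraryReview", and the template body promises the issue "will be automatically assigned", so the new name has to match exactly the label that exists in the repo and whatever the assignment automation keys on. Nothing in this series shows that side, so please confirm it in the PR description. Since the old label was introduced in 1/3 of this same series, this one-line change could be squashed into that commit.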