Thank you for your interest in contributing! This document provides guidelines for contributing to the project.
- Check if the bug has already been reported in Issues
- If not, create a new issue with:
- Clear, descriptive title
- Steps to reproduce
- Expected vs actual behavior
- Chrome version and extension version
- Screenshots if applicable
- Check Discussions for similar suggestions
- Create a new discussion or issue describing:
- The problem you're trying to solve
- Your proposed solution
- Any alternatives you've considered
- Potential implementation challenges
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Make your changes following our code style
- Test thoroughly on multiple websites
- Commit with clear messages:
git commit -m "Add: Support for Yarn lock files" - Push to your fork:
git push origin feature/amazing-feature - Open a Pull Request with:
- Description of changes
- Related issue number
- Testing performed
- Screenshots if UI changes
- Use ES6+ features where appropriate
- No semicolons (ASI)
- 2 spaces for indentation
- Use
constby default,letwhen needed, avoidvar - Meaningful variable names (no single letters except in loops)
// Good
const detectedLibraries = detectFromScriptTags()
const libraryCount = detectedLibraries.length
// Avoid
var x = detectFromScriptTags()
let c = x.length- Add JSDoc comments to all functions
- Include SPDX license header in all source files
- Document parameters, return values, and side effects
/**
* SPDX-License-Identifier: GPL-3.0
*
* Detect libraries from script tags
* @param {boolean} includeInline - Whether to include inline scripts
* @returns {Array<Object>} - Array of detected libraries
*/
function detectFromScriptTags(includeInline = true) {
// Implementation
}- One module per file
- Group related functionality
- Clear, descriptive filenames
- Keep files under 500 lines when possible
Before submitting a PR, test on these sites:
- https://jquery.com (jQuery)
- https://react.dev (React)
- https://getbootstrap.com (Bootstrap + jQuery)
- https://vuejs.org (Vue.js)
- https://angular.io (Angular)
- A site with bundled/minified code
- A site with no external libraries
- A site with mixed licenses
- Libraries detected correctly
- Versions extracted when available
- Licenses identified (check accuracy)
- Risk levels calculated properly
- UI displays data correctly
- Export function works
- Settings persist correctly
- Icon Design: Create professional icons for the extension
- Testing Framework: Set up automated testing
- More Libraries: Add to
known-libraries.json - License Patterns: Improve detection accuracy
- UI/UX Improvements: Better visualizations
- Accessibility: ARIA labels, keyboard navigation
- Documentation: More examples and tutorials
- Performance: Optimize for large pages
- i18n Support: Internationalization
- Themes: Light theme option
- Settings Page: Advanced configuration
- Statistics: Usage analytics (local only)
To add support for a new library to the known libraries database:
- Open
data/known-libraries.json - Add an entry following this format:
{
"library-name": {
"patterns": ["library.js", "library.min.js"],
"globalObjects": ["LibraryName"],
"license": "MIT",
"url": "https://library-website.com"
}
}- Test detection on a page using that library
- Submit PR with test results
To improve license detection:
- Open
data/licenses/license-fingerprints.json - Add patterns for the license:
{
"licenseId": "BSD-3-Clause",
"patterns": [
"redistributions must retain",
"neither the name of"
],
"keywords": ["BSD", "3-Clause"]
}- Test on files with that license
- Verify no false positives
- Submit PR with examples
DO NOT open public issues for security vulnerabilities.
Email security concerns to: security@example.com
Include:
- Description of vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Never execute remote code
- Validate all inputs
- Sanitize HTML output (XSS prevention)
- Minimize permissions requested
- No external API calls
- Review third-party dependencies carefully
By contributing, you agree that your contributions will be licensed under the GPL-3.0 License.
All contributions must include the SPDX header:
/**
* SPDX-License-Identifier: GPL-3.0
*/- GitHub Issues: Bug reports and feature requests
- GitHub Discussions: General questions and ideas
- Pull Requests: Code contributions
- Email: For private matters only
- Code follows style guidelines
- JSDoc comments added
- SPDX header included
- Tested on multiple websites
- No console errors
- Updated documentation if needed
- PR description is clear
- Linked to related issue
All contributors will be:
- Listed in a CONTRIBUTORS.md file
- Mentioned in release notes
- Credited in the extension description (if desired)
Thank you for making Developer License Detector better! 🙏