fix: remove tracked node_modules, add SECURITY.md #26

Merged: matt-dean-git merged 1 commit into main from fix/pre-launch-cleanup on Feb 10, 2026

@matt-dean-git (Collaborator)

Pre-launch cleanup

Critical: node_modules tracked in git

186 packages (23MB, 4800+ files) were committed to the repo. This:

  • Bloats clone time for HN visitors
  • Is a red flag for experienced OSS developers
  • Was likely causing the Dependabot alerts

Removed and added node_modules/ to .gitignore.

Added: SECURITY.md

Security-focused project needs a vulnerability reporting policy. Added standard SECURITY.md with:

  • Supported versions table
  • Responsible disclosure email ([email protected])
  • 48h acknowledgment, 7-day fix SLA for criticals
  • Design principles summary

Note: Vercel OIDC tokens in git history

The .env.local files removed in PR #17 contained Vercel OIDC JWTs. These expired Jan 1, 2026 — not exploitable. But they do leak:

  • Vercel team ID: team_ep8LEiBkDAKDemVrjAxBdQRM
  • Project ID: prj_71ZThcMGhIjThGdG69e15QTDNTlf

Not urgent but worth noting. A future git filter-repo could clean history.

- Remove 186 packages (23MB) of node_modules that were tracked in git
- Add root node_modules/ to .gitignore
- Add SECURITY.md with vulnerability reporting policy

node_modules was bloating clone size and is a red flag for
experienced OSS reviewers.
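
The triage behind the OIDC note in the description (is a JWT found in history still within its lifetime, and which identifiers do its claims disclose), as an added example that is not part of the original PR or the project's code. The claim names in `ID_CLAIMS`, the issuer URL and the sample token are assumptions constructed for illustration; the signature is deliberately not verified because this is exposure triage, not authentication.

```python
import base64, json
from datetime import datetime, timezone

# Claims treated as infrastructure identifiers (assumed names; adjust per issuer).
ID_CLAIMS = ("iss", "sub", "aud", "owner", "owner_id", "project", "project_id", "environment")

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def triage_jwt(token, now=None):
    """Classify a token recovered from git history. Signature is NOT verified."""
    now = now or datetime.now(timezone.utc)
    parts = token.strip().strip('"').split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    exp = claims.get("exp")
    if isinstance(exp, (int, float)):
        expires = datetime.fromtimestamp(exp, tz=timezone.utc)
        status = "expired" if expires <= now else "LIVE"
    else:
        expires, status = None, "LIVE"  # no exp claim: assume usable until revoked
    return {
        "alg": header.get("alg"),
        "status": status,
        "expires": expires,
        # Expiry ends replay risk, but these values stay disclosed in history.
        "leaked_ids": {k: claims[k] for k in ID_CLAIMS if k in claims},
    }

def _make_sample(claims):
    """Build a constructed token with a dummy signature segment for the demo."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

# Constructed sample; IDs are placeholders, not values from the repository.
SAMPLE = _make_sample({
    "iss": "https://oidc.example.invalid", "owner_id": "team_PLACEHOLDER",
    "project_id": "prj_PLACEHOLDER", "environment": "development",
    "exp": 1767225600,  # 2026-01-01T00:00:00Z
})

if __name__ == "__main__":
    for name, value in triage_jwt(SAMPLE).items():
        print(f"{name}: {value}")
```

A `LIVE` result means the credential should be treated as compromised and rotated; an `expired` result still leaves the `leaked_ids` values readable by anyone who clones the history.
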

vercel Bot commented Feb 10, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
satgate | Building | Preview, Comment | Feb 10, 2026 7:38pm

matt-dean-git merged commit b8eeba0 into main on Feb 10, 2026
1 of 2 checks passed