Feature/add security policy

.github/workflows/e2e-tests.yml

@@ -17,10 +17,10 @@ jobs:
         node-version: [18.x]
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
           cache: 'yarn'

.github/workflows/node.js.yml

@@ -19,9 +19,9 @@ jobs:
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
           cache: 'npm'

README.md

@@ -4,6 +4,8 @@
 
 Base is a secure, low-cost, developer-friendly Ethereum L2 built to bring the next billion users onchain. It's built on Optimism's open-source [OP Stack](https://stack.optimism.io/).
 
+![Node.js CI](https://github.com/AdekunleBamz/web/actions/workflows/node.js.yml/badge.svg)
+
 <!-- Badge row 1 - status -->
 
 [![GitHub contributors](https://img.shields.io/github/contributors/base/web)](https://github.com/base/web/graphs/contributors)

SECURITY.md

@@ -0,0 +1,74 @@
+# Security Policy
+
+## Supported Versions
+
+We take security seriously. This section outlines which versions of our project are currently supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.x   | :white_check_mark: |
+| < 1.0   | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, please report it responsibly. We appreciate your help in keeping our users safe.
+
+### How to Report
+
+1. **Do not** create a public GitHub issue for the vulnerability
+2. Email security concerns to: [INSERT CONTACT EMAIL] (replace with actual contact)
+3. Provide detailed information about the vulnerability:
+   - Description of the issue
+   - Steps to reproduce
+   - Potential impact
+   - Any suggested fixes
+
+### What to Expect
+
+- **Acknowledgment**: We'll acknowledge receipt of your report within 48 hours
+- **Investigation**: We'll investigate the issue and keep you updated on our progress
+- **Resolution**: We'll work to resolve the issue as quickly as possible
+- **Disclosure**: Once fixed, we'll coordinate disclosure with you
+
+### Responsible Disclosure
+
+We follow responsible disclosure practices:
+- We'll give you credit for the discovery (if you wish)
+- We'll keep you informed throughout the process
+- We won't disclose details until a fix is available
+
+## Security Best Practices
+
+When using this project, please follow these security best practices:
+
+### For Users
+- Keep dependencies updated
+- Use strong, unique passwords
+- Enable two-factor authentication where available
+- Monitor for suspicious activity
+
+### For Contributors
+- Run security scans on code changes
+- Follow secure coding practices
+- Test for common vulnerabilities (OWASP Top 10)
+- Use dependency scanning tools
+
+## Known Security Considerations
+
+- This project handles user data and authentication - ensure proper validation
+- Web applications are susceptible to common attacks like XSS, CSRF
+- API endpoints should validate inputs thoroughly
+- Use HTTPS in production environments
+
+## Security Updates
+
+Security updates will be released as patch versions with the following naming convention:
+- `MAJOR.MINOR.PATCH` where PATCH includes security fixes
+
+## Contact
+
+For security-related questions or concerns:
+- Email: [INSERT CONTACT EMAIL]
+- GitHub Security Advisories: Enable in repository settings
+
+Thank you for helping keep our project secure!