Merge pull request #7 from haxtheweb/2025

2025

Author: btopro

.github/CODEOWNERS

@@ -0,0 +1,7 @@
+# Global ownership
+# Bryan Ollendyke (btopro) is the primary maintainer and creator of HAXTheWeb
+* @btopro
+
+# HAXTheWeb ecosystem is developed and maintained by:
+# Bryan Ollendyke (@btopro) - Penn State University
+# Copyright (c) 2015-2025 The Pennsylvania State University

.github/pull_request_template.md

@@ -0,0 +1,72 @@
+## Related Issue
+<!-- Link to the issue this PR addresses -->
+Closes [ISSUE #XXXX](https://github.com/haxtheweb/issues/issues/XXXX)
+
+## Figma Link
+<!-- If this PR relates to a design, provide the Figma link -->
+
+## Description of Changes
+<!-- Provide a clear and concise description of what this PR does -->
+
+### What changed:
+- 
+- 
+- 
+
+### Why this change was needed:
+<!-- Explain the problem this solves or the feature this adds -->
+
+## Type of Change
+<!-- Check the type of change your PR introduces -->
+- [ ] 🐛 Bug fix (non-breaking change which fixes an issue)
+- [ ] ✨ New feature (non-breaking change which adds functionality)
+- [ ] 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] 📚 Documentation update
+- [ ] 🎨 Style/formatting changes
+- [ ] ♻️ Code refactoring
+- [ ] 🔧 Configuration changes
+
+## Testing Checklist
+<!-- Check all that apply -->
+- [ ] I have tested this change locally
+- [ ] I have added/updated tests for my changes
+- [ ] All existing tests pass
+- [ ] I have tested on multiple browsers (if applicable)
+- [ ] I have tested on mobile devices (if applicable)
+- [ ] I have verified accessibility compliance
+- [ ] I have tested with screen readers (if applicable)
+
+## Quality Assurance
+<!-- Check all that apply -->
+- [ ] I have followed the project's coding conventions
+- [ ] I have updated documentation where necessary
+- [ ] I have added comments to complex code
+- [ ] My changes don't introduce console warnings/errors
+- [ ] I have checked for performance implications
+
+## Ways to Test This Change
+<!-- Provide step-by-step instructions for testing -->
+1. 
+2. 
+3. 
+
+## Screenshots/Recordings
+<!-- If applicable, add screenshots or recordings showing the changes -->
+
+### Before:
+<!-- Screenshot/recording of the current behavior -->
+
+### After:
+<!-- Screenshot/recording of the new behavior -->
+
+## Additional Notes
+<!-- Any additional context, decisions, or follow-up work -->
+
+## Checklist
+<!-- Final checklist before submitting -->
+- [ ] I have read the [contributing guidelines](../CONTRIBUTING.md)
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my own code
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] Any dependent changes have been merged and published

.github/workflows/build.yml

@@ -11,7 +11,7 @@ jobs:
       fail-fast: false
       matrix:
         platform: [ubuntu-latest, windows-latest]
-        node-version: [20]
+        node-version: [22]
     runs-on: ${{ matrix.platform }}
     steps:
       - name: Checkout

.github/workflows/ossf_scorecard.yml

@@ -0,0 +1,63 @@
+---
+# This workflow uses actions that are not certified by GitHub. They are provided by a third-party and are governed by separate terms of service, privacy policy, and support documentation.
+name: OSSF Scorecard
+on:
+  # For Branch-Protection check. Only the default branch is supported. See https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection.
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained.
+  schedule:
+    - cron: "0 0 * * 1"
+  push:
+    branches: [main, master]
+  workflow_dispatch:
+# Declare default permissions as read only.
+permissions: read-all
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-24.04
+    # Delete the conditional below if you are using the OSSF Scorecard on a public repository.
+    if: ${{ github.event.repository.private == false }}
+    permissions:
+      # Needed if using Code Scanning alerts.
+      security-events: write
+      # Needed for GitHub OIDC token if publish_results is true.
+      id-token: write
+      # Uncomment the permissions below if you are using the OSSF Scorecard on a private repository.
+      # contents: read
+      # actions: read
+      # issues: read # To allow GraphQL ListCommits to work
+      # pull-requests: read # To allow GraphQL ListCommits to work
+      # checks: read # To detect SAST tools
+    steps:
+      - name: Check out the codebase
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) fine-grained personal access token. Uncomment the `repo_token` line below if you want to enable the Branch-Protection or Webhooks check on a *private* repository.
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF format to the repository Actions tab.
+      - name: Upload artifact
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: Upload SARIF results to code scanning
+        uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8
+        with:
+          sarif_file: results.sarif

CODE_OF_CONDUCT.md

@@ -0,0 +1,60 @@
+# HAXTheWeb Code of Conduct
+
+## Our pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project as awesome as we possibly can.
+It is the policy of HAXTheWeb to maintain an environment free of harassment and free of discrimination against any person because of age, race, color, ancestry, national origin, religion,
+creed, service in the uniformed services (as defined in state and federal law), veteran status, sex, sexual orientation,
+marital or family status, pregnancy, pregnancy-related conditions, physical or mental disability, gender, perceived gender,
+gender identity, genetic information or political ideas.
+
+Discriminatory conduct and harassment, as well as sexual misconduct and harassment or relationship violence, violates the dignity of individuals, impedes the realization of HAXTheWeb’s mission, and will not be tolerated in our community.
+
+## Our standards
+
+How you will keep our community awesome:
+
+* Showing empathy to everyone
+* Being respectful of differing viewpoints and experiences
+* Accepting constructive criticism
+* Acting in the best interests of the community
+
+Behaviors our community will not tolerate:
+
+* Harassment - public or private
+* Unwelcome sexual attention or advances
+* Trolling - derogatory interactions and personal or political attacks
+* Doxing - publishing others' private information without permission
+* Any conduct reasonably considered inappropriate in professional settings
+
+## Our responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected
+to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right to remove or modify comments, commits, code, documentation,
+issues, and other contributions that are not aligned to this Code of Conduct.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in spaces where an individual is 
+representing the project or its community. Examples of representing a project or community include using 
+an official project e-mail address, posting via an official social media account, or acting as an official 
+representative at an event. Representation of a project may be further defined and clarified 
+by project maintainers.
+
+The HAXcms Code of Conduct applies to anyone involved in the project, including project maintainers.
+
+## Enforcement
+
+Instances of behavior which violates the HAXcms Code of Conduct may be reported by contacting 
+project leadership at hax@psu.edu. The project leadership will review and investigate all complaints, and will 
+respond in a way that it deems appropriate. The project leadership is obligated to maintain 
+confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies 
+may be posted separately.
+
+The HAXcms Code of Conduct was originally produced in the United States of America and operates based on US legal norms
+which presumes innocence until guilt is proven.
+
+## CoC attribution
+The HAXcms Code of Conduct has been forked from the Contributor Covenant, version 1.4, available at http://contributor-covenant.org/version/1/4

README.md

@@ -1,4 +1,9 @@
+[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/haxtheweb/haxcms-nodejs/badge)](https://securityscorecards.dev/viewer/?uri=github.com/haxtheweb/haxcms-nodejs)
+[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](/SUPPORT.md)
 [![License: Apache 2.0](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](/CODE_OF_CONDUCT.md)
+[![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/EKYJAjqGhf)
 [![Lit](https://img.shields.io/badge/-Lit-324fff?style=flat&logo=data:image/svg%2bxml;base64,PHN2ZyBmaWxsPSIjZmZmIiB2aWV3Qm94PSIwIDAgMTYwIDIwMCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj48cGF0aCBkPSJtMTYwIDgwdjgwbC00MC00MHptLTQwIDQwdjgwbDQwLTQwem0wLTgwdjgwbC00MC00MHptLTQwIDQwdjgwbDQwLTQwem0tNDAtNDB2ODBsNDAtNDB6bTQwLTQwdjgwbC00MC00MHptLTQwIDEyMHY4MGwtNDAtNDB6bS00MC00MHY4MGw0MC00MHoiLz48L3N2Zz4%3D)](https://lit.dev/)
 [![#HAXTheWeb](https://img.shields.io/badge/-HAXTheWeb-999999FF?style=flat&logo=data:image/svg%2bxml;base64,PHN2ZyBpZD0iZmVhMTExZTAtMjEwZC00Y2QwLWJhMWQtZGZmOTQyODc0Njg1IiBkYXRhLW5hbWU9IkxheWVyIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDE4NC40IDEzNS45NyI+PGRlZnM+PHN0eWxlPi5lMWJjMjAyNS0xODAwLTRkYzItODc4NS1jNDZlZDEwM2Y0OTJ7ZmlsbDojMjMxZjIwO308L3N0eWxlPjwvZGVmcz48cGF0aCBjbGFzcz0iZTFiYzIwMjUtMTgwMC00ZGMyLTg3ODUtYzQ2ZWQxMDNmNDkyIiBkPSJNNzguMDcsODMuNDVWNTVIODYuMnY4LjEzaDE2LjI2djQuMDdoNC4wN1Y4My40NUg5OC40VjY3LjE5SDg2LjJWODMuNDVaIi8+PHBvbHlnb24gcG9pbnRzPSIxNTMuMTMgNjMuNyAxNTMuMTMgNTEuMzkgMTQwLjU0IDUxLjM5IDE0MC41NCAzOS4wOSAxMjcuOTUgMzkuMDkgMTI3Ljk1IDI2Ljc5IDEwMi43OCAyNi43OSAxMDIuNzggMzkuMDkgMTE1LjM2IDM5LjA5IDExNS4zNiA1MS4zOSAxMjcuOTUgNTEuMzkgMTI3Ljk1IDYzLjcgMTQwLjU0IDYzLjcgMTQwLjU0IDc2IDEyNy4zNiA3NiAxMjcuMzYgODguMyAxMTQuNzggODguMyAxMTQuNzggMTAwLjYxIDEwMi4xOSAxMDAuNjEgMTAyLjE5IDExMi45MSAxMjcuMzYgMTEyLjkxIDEyNy4zNiAxMDAuNjEgMTM5Ljk1IDEwMC42MSAxMzkuOTUgODguMyAxNTIuNTQgODguMyAxNTIuNTQgNzYgMTY1LjcyIDc2IDE2NS43MiA2My43IDE1My4xMyA2My43Ii8+PHBvbHlnb24gcG9pbnRzPSIzMy4xMyA2My43IDMzLjEzIDUxLjM5IDQ1LjcyIDUxLjM5IDQ1LjcyIDM5LjA5IDU4LjMxIDM5LjA5IDU4LjMxIDI2Ljc5IDgzLjQ4IDI2Ljc5IDgzLjQ4IDM5LjA5IDcwLjg5IDM5LjA5IDcwLjg5IDUxLjM5IDU4LjMxIDUxLjM5IDU4LjMxIDYzLjcgNDUuNzIgNjMuNyA0NS43MiA3NiA1OC44OSA3NiA1OC44OSA4OC4zIDcxLjQ4IDg4LjMgNzEuNDggMTAwLjYxIDg0LjA3IDEwMC42MSA4NC4wNyAxMTIuOTEgNTguODkgMTEyLjkxIDU4Ljg5IDEwMC42MSA0Ni4zMSAxMDAuNjEgNDYuMzEgODguMyAzMy43MiA4OC4zIDMzLjcyIDc2IDIwLjU0IDc2IDIwLjU0IDYzLjcgMzMuMTMgNjMuNyIvPjwvc3ZnPg==)](https://haxtheweb.org/)
 [![Published on npm](https://img.shields.io/npm/v/@haxtheweb/haxcms-nodejs?style=flat)](https://www.npmjs.com/package/@haxtheweb/haxcms-nodejs)

SECURITY.md

@@ -0,0 +1,10 @@
+# Security Policy
+
+## Supported Versions
+
+We often run master on production systems or slightly behind master. Tagged releases of all web components in this repo are published to npm and managed via lerna.
+If we get a security issue in a specific version, we are going to fix it in a newer release of the web component and you should update to the latest stable at that time.
+
+## Reporting a Vulnerability
+
+Security related issues should be filed in our general issue queue https://github.com/haxtheweb/issues/issues

SUPPORT.md

@@ -0,0 +1,31 @@
+# Support
+
+## Getting Help
+
+If you need help with this project, please use the following resources:
+
+### Community Support
+
+- **Discord**: Join our community Discord server for real-time help and discussion: [HAXTheWeb Discord](https://discord.gg/EKYJAjqGhf)
+- **Documentation**: Visit our comprehensive documentation: [HAXTheWeb Docs](https://haxtheweb.org/documentation)
+- **Issues**: For bug reports and feature requests, please use our unified issue queue: [HAXTheWeb Issues](https://github.com/haxtheweb/issues/issues)
+
+### Getting Started
+
+- Check out our [documentation](https://haxtheweb.org/documentation) for guides and tutorials
+- Explore and play with HAX components: [HAX Magic Script Playground](https://hax.cloud/magicscript.html)
+- Join the discussion on [Discord](https://discord.gg/EKYJAjqGhf) to connect with other developers
+
+### Before Opening an Issue
+
+Before creating a new issue, please:
+
+1. Search existing issues in our [unified issue queue](https://github.com/haxtheweb/issues/issues)
+2. Check our [documentation](https://haxtheweb.org/documentation)
+3. Ask for help on [Discord](https://discord.gg/EKYJAjqGhf)
+
+This helps keep our issue queue focused on actual bugs and feature requests.
+
+## Contributing
+
+We welcome contributions! Please see our [Contributing Guidelines](CONTRIBUTING.md) for details on how to get involved.

renovate.json

@@ -1,28 +1,42 @@
 {
-    "extends": [
-      "config:base",
-      ":semanticPrefixFix",
-      ":separateMultipleMajorReleases",
-      ":separatePatchReleases",
-      ":maintainLockFilesWeekly",
-      ":widenPeerDependencies"
-    ],
-  
-    "packageRules": [
-      {
-        "updateTypes": ["patch"],
-  
-        "automerge": true,
-        "automergeType": "branch"
-      },
-      {
-        "updateTypes": ["minor"],
-        "matchCurrentVersion": "!/^[~^]?0/",
-  
-        "automerge": true,
-        "automergeType": "branch"
-      }
-    ],
-  
-    "rangeStrategy": "bump"
-  }
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ],
+  "commitMessageLowerCase": "never",
+  "labels": [
+    "dependencies"
+  ],
+  "prConcurrentLimit": 3,
+  "prHourlyLimit": 2,
+  "schedule": [
+    "* 0-7 * * 1"
+  ],
+  "packageRules": [
+    {
+      "groupName": "HAXTheWeb Dependencies",
+      "matchPackagePatterns": ["^@haxtheweb/"],
+      "schedule": ["at any time"]
+    },
+    {
+      "groupName": "Development Dependencies",
+      "matchDepTypes": ["devDependencies"],
+      "addLabels": ["skip changelog"],
+      "automerge": true,
+      "matchUpdateTypes": ["patch", "minor"],
+      "matchCurrentVersion": "!/^0/"
+    },
+    {
+      "groupName": "GitHub Actions",
+      "matchManagers": ["github-actions"],
+      "addLabels": ["skip changelog"],
+      "automerge": true,
+      "matchUpdateTypes": ["patch", "minor"],
+      "matchCurrentVersion": "!/^0/"
+    },
+    {
+      "enabled": false,
+      "matchUpdateTypes": ["digest"]
+    }
+  ]
+}

src/boilerplate/site/ghpages.html

@@ -46,11 +46,11 @@
   <link rel="preload" href="./wc-registry.json" as="fetch" crossorigin="anonymous" fetchpriority="high" />
   <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/wc-autoload/wc-autoload.js" crossorigin="anonymous" />
   <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/dynamic-import-registry/dynamic-import-registry.js" crossorigin="anonymous" />
-  <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/haxcms-elements/lib/haxcms-site-builder.js" crossorigin="anonymous" />
+  <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/haxcms-elements/lib/core/haxcms-site-builder.js" crossorigin="anonymous" />
   <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/haxcms-elements/lib/core/haxcms-site-store.js" crossorigin="anonymous" />
   <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/haxcms-elements/lib/core/haxcms-site-router.js" crossorigin="anonymous" />
-  <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/haxcms-elements/lib/base/HAXCMSThemeWiring.js" crossorigin="anonymous" />
-  <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/haxcms-elements/lib/base/HAXCMSLitElementTheme.js" crossorigin="anonymous" />
+  <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/haxcms-elements/lib/core/HAXCMSThemeWiring.js" crossorigin="anonymous" />
+  <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/haxcms-elements/lib/core/HAXCMSLitElementTheme.js" crossorigin="anonymous" />
   <link rel="modulepreload" href="./build/es6/node_modules/@haxtheweb/utils/utils.js" crossorigin="anonymous" />
   <link rel="preload" href="./build/es6/node_modules/@haxtheweb/haxcms-elements/lib/base.css" as="style" />
   <meta name="generator" content="HAXcms">