Add CLAUDE.md, improve READMEs, fix dependency vulnerabilities #26

Open
Gabrielpanga wants to merge 3 commits into master from chore/docs-and-security-fixes

Conversation

@Gabrielpanga
Member

Summary

  • Add CLAUDE.md with repo architecture, commands, SDK reference, and notable patterns
  • Rewrite root README.md with organized framework tables and quick deploy button
  • Add 3 missing READMEs (frontend/html, frontend/flask, frontend/cordova)
  • Improve 7 existing READMEs with prerequisites, setup steps, and resource links
  • Fix 102 of 311 dependency vulnerabilities via npm audit fix across all projects

Vulnerability Fix Breakdown

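| Project | Before | After | Fixed |
| --- | --- | --- | --- |
| vercel-quickdeploy-nextjs | 8 | 2 | 6 |
| node-nestjs | 47 | 30 | 17 |
| react-native-expo | 12 | 1 | 11 |
| react-native | 63 | 35 | 28 |
| aws-sst | 120 | 90 | 30 |
| vercel-node-connect-token | 10 | 5 | 5 |
| vercel-node-mongo | 11 | 6 | 5 |
| nextjs | 3 | 3 | 0 |
| react | 37 | 37 | 0 |
| Total | 311 | 209 | 102 |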

Remaining vulnerabilities (require major migrations)

  • frontend/react (37): react-scripts 5.0.1 transitive deps — not exploitable in build context, requires Vite migration
  • examples/aws-sst (90): SST v1 / CDK 2.7.0 tree — requires SST v3 migration
  • frontend/react-native (35): React Native 0.66 tree — requires RN upgrade
  • Others: Deep transitive deps in NestJS/Sequelize and old Vercel packages

Test plan

  • Verify all README links resolve correctly
  • Spot-check npm ci in 2-3 projects to confirm lock files are valid
  • Review CLAUDE.md for accuracy

- Pin 122 dependencies across 10 projects to their lock file versions
  (remove ^, ~, and < prefixes)
- Add .npmrc with save-exact=true and min-release-age=7d to all projects
- Change vercel.json installCommand from npm install to npm ci
- Generate missing package-lock.json for frontend/react-native

Standardize on npm — .npmrc and package-lock.json are now the source of truth.

Documentation:
- Add CLAUDE.md with architecture, commands, and SDK reference
- Rewrite root README with framework tables and quick deploy button
- Add missing READMEs for html, flask, and cordova quickstarts
- Improve READMEs for react, nextjs, react-native, node-nestjs,
  vercel-node-connect-token, vercel-node-mongo, and aws-sst

Security:
- Run npm audit fix across all 9 Node.js projects
- Fix 102 of 311 vulnerabilities (33% reduction)
- Remaining vulns are in deprecated transitive deps (react-scripts,
  SST v1, React Native 0.66) that require major migrations to resolve
@Gabrielpanga Gabrielpanga requested a review from a team as a code owner April 5, 2026 15:55
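
The pinning and install settings listed in the commit message above (exact versions, `save-exact=true`, `min-release-age`, `npm ci` in vercel.json) can be checked mechanically per project. This is an added example, not code from this pull request or repository; the names `auditProject` and `parseNpmrc` and the sample inputs are assumptions made for illustration.

```javascript
// Added example: lint one project for the settings named in the commit message.
// Inputs are already-parsed objects/strings so the check runs without file access.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Parse .npmrc "key=value" lines, skipping blanks and # / ; comments.
function parseNpmrc(text) {
  const cfg = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq > 0) cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

// Returns a list of human-readable findings; an empty list means the project passes.
function auditProject({ packageJson, npmrc = '', vercelJson = null }) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(packageJson[field] || {})) {
      // Anything that is not a single exact version (^, ~, <, *, tags, URLs) is flagged.
      if (!EXACT.test(spec)) findings.push(`unpinned ${field}: ${name}@${spec}`);
    }
  }
  const cfg = parseNpmrc(npmrc);
  if (cfg['save-exact'] !== 'true') findings.push('.npmrc: save-exact is not true');
  // Only presence is checked; the value format (the page uses 7d) is left to npm.
  if (!cfg['min-release-age']) findings.push('.npmrc: min-release-age is not set');
  const install = vercelJson && vercelJson.installCommand;
  if (install && !/^npm ci(\s|$)/.test(install.trim())) {
    findings.push(`vercel.json: installCommand is "${install}", expected npm ci`);
  }
  return findings;
}

// Constructed sample inputs (package names and versions are illustrative only).
const before = {
  packageJson: { dependencies: { express: '^4.18.2', axios: '1.6.8' }, devDependencies: { jest: '~29.7.0' } },
  npmrc: '# constructed\nsave-exact=false\n',
  vercelJson: { installCommand: 'npm install' },
};
const after = {
  packageJson: { dependencies: { express: '4.18.2', axios: '1.6.8' }, devDependencies: { jest: '29.7.0' } },
  npmrc: 'save-exact=true\nmin-release-age=7d\n',
  vercelJson: { installCommand: 'npm ci' },
};
console.log(auditProject(before)); // five findings
console.log(auditProject(after));  // []
```

In a real checkout the three inputs would come from each project's package.json, .npmrc and vercel.json; a non-empty result is a reason to fail CI.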