Closed
31 changes: 31 additions & 0 deletions .github/SECURITY.md
@@ -0,0 +1,31 @@
# Security Policy

## Scope and Deployment

MagicMirror is primarily intended for trusted local/private network environments.
Direct public exposure to the internet or other untrusted networks is not recommended.

We take security seriously and encourage responsible disclosure of vulnerabilities to help us improve the software.

## Reporting a Vulnerability

**Please keep vulnerability details private** — do not post them in public GitHub issues.

Instead, reach out privately via the MagicMirror forum to one of the core developers:

- [rejas](https://forum.magicmirror.builders/user/rejas)
- [karsten13](https://forum.magicmirror.builders/user/karsten13)
- [sdetweil](https://forum.magicmirror.builders/user/sdetweil)
- [Kristjan](https://forum.magicmirror.builders/user/kristjanesperanto)

Please include, if possible:

- Affected version(s)
- Reproduction steps or proof-of-concept
- What could an attacker do with this?
- Any ideas how to fix it?

## Coordinated Disclosure

We will keep reported vulnerabilities private until a fix is available and coordinate the disclosure timeline with you.
We aim to respond as quickly as possible.
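
Review bot: The "Reporting a Vulnerability" section offers only forum private messages to four individual accounts, which leaves a report dependent on one person reading their inbox and gives the other maintainers no shared record. Consider listing GitHub's private vulnerability reporting (the "Report a vulnerability" button under the repository's Security tab, if it is enabled for this repository) as the primary channel and keeping the forum contacts as a fallback. In "Coordinated Disclosure", "as quickly as possible" gives reporters nothing to plan around; a stated acknowledgement window would help, as would a line in "Scope and Deployment" saying whether issues that only matter on a publicly exposed instance are still in scope.
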
6 changes: 3 additions & 3 deletions .github/workflows/automated-tests.yaml
Expand Up @@ -18,7 +18,7 @@ concurrency:

jobs:
code-style-check:
runs-on: ubuntu-latest
runs-on: ubuntu-slim
timeout-minutes: 15
steps:
- name: "Checkout code"
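
Review bot: The `runs-on: ubuntu-slim` switch in `code-style-check` is repeated across the other workflow files in this PR, yet nothing visible in the diff says which tooling the jobs rely on from the runner image. Please confirm that each job's steps run on the slim image, and check its resource and job-time limits against the `timeout-minutes: 15` kept here, so that a hang is reported as this job's own timeout and not as a runner-side cancellation.
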
Expand All @@ -42,7 +42,7 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
node-version: [22.21.1, 22.x, 24.x]
node-version: [22.x, 24.x, 25.x]
steps:
- name: Install electron dependencies and labwc
run: |
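
Review bot: Dropping `22.21.1` from `node-version` removes the only exact version in the matrix, so the lowest supported Node release is no longer tested once `22.x` moves on. If `22.21.1` was the declared minimum, keep it (or the new minimum) in the list next to `22.x`. `25.x` is an odd-numbered, non-LTS line; consider whether a failure there should block merges or run as an allowed-to-fail entry.
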
Expand All @@ -69,7 +69,7 @@ jobs:
sudo chmod 4755 ./node_modules/electron/dist/chrome-sandbox
# Start labwc
WLR_BACKENDS=headless WLR_LIBINPUT_NO_DEVICES=1 WLR_RENDERER=pixman labwc &
touch css/custom.css
touch config/custom.css
- name: "Run tests"
run: |
export WAYLAND_DISPLAY=wayland-0
2 changes: 1 addition & 1 deletion .github/workflows/dep-review.yaml
Expand Up @@ -10,7 +10,7 @@ permissions:

jobs:
dependency-review:
runs-on: ubuntu-latest
runs-on: ubuntu-slim
steps:
- name: "Checkout code"
uses: actions/checkout@v6
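
Review bot: `uses: actions/checkout@v6` in this hunk's context references the action by a mutable tag, and this is the workflow that gates dependency changes. Since the PR already touches every workflow file, consider pinning actions to a full commit SHA with the tag in a trailing comment, for example `actions/checkout@<full-commit-sha> # v6`.
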
4 changes: 2 additions & 2 deletions .github/workflows/electron-rebuild.yaml
Expand Up @@ -5,10 +5,10 @@ on: [pull_request]
jobs:
rebuild:
name: Run electron-rebuild
runs-on: ubuntu-latest
runs-on: ubuntu-slim
strategy:
matrix:
node-version: [22.21.1, 22.x, 24.x]
node-version: [22.x, 24.x, 25.x]
steps:
- name: Checkout code
uses: actions/checkout@v6
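
Review bot: `rebuild` runs electron-rebuild, which compiles native modules, so the move to `runs-on: ubuntu-slim` here carries more risk than in the lint-style jobs: the job depends on a compiler toolchain and headers being present on the image. Please link a green run of this job on the slim runner for all three matrix entries, including the new `25.x`, before merging.
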
2 changes: 1 addition & 1 deletion .github/workflows/enforce-pullrequest-rules.yaml
Expand Up @@ -12,7 +12,7 @@ on:

jobs:
check:
runs-on: ubuntu-latest
runs-on: ubuntu-slim
if: github.event_name == 'pull_request'
timeout-minutes: 10
steps:
2 changes: 1 addition & 1 deletion .github/workflows/release-notes.yaml
Expand Up @@ -15,7 +15,7 @@ concurrency:

jobs:
release-notes:
runs-on: ubuntu-latest
runs-on: ubuntu-slim
timeout-minutes: 15
steps:
- name: "Checkout code"
2 changes: 1 addition & 1 deletion .github/workflows/spellcheck.yaml
Expand Up @@ -12,7 +12,7 @@ permissions:

jobs:
spellcheck:
runs-on: ubuntu-latest
runs-on: ubuntu-slim
steps:
- name: Checkout code
uses: actions/checkout@v6
2 changes: 1 addition & 1 deletion .github/workflows/stale.yaml
Expand Up @@ -10,7 +10,7 @@ permissions:

jobs:
stale:
runs-on: ubuntu-latest
runs-on: ubuntu-slim
steps:
- uses: actions/stale@v10
with:
13 changes: 3 additions & 10 deletions .gitignore
Expand Up @@ -54,20 +54,13 @@ Temporary Items
.directory
.Trash-*

# Ignore all modules except the default modules.
# Ignore all modules
/modules/*
!/modules/default

# Ignore changes to the custom css files but keep the sample and main.
/css/*
!/css/custom.css.sample
!/css/font-awesome.css
!/css/main.css
!/css/roboto.css

# Ignore users config file but keep the sample.
# Ignore users config file but keep the samples.
config
!config/config.js.sample
!config/custom.css.sample

# Vim
## swap
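
Review bot: The new `!config/custom.css.sample` line will not take effect as written, because the preceding `config` pattern excludes the directory itself and git does not re-include a file whose parent directory is excluded. `config/config.js.sample` presumably only works because it is already tracked; a newly added sample would need `git add -f`. Ignoring the contents instead (`/config/*` followed by the two `!/config/...sample` lines) fixes both. Separately, removing the `/css/*` block means an existing user's `css/custom.css` is no longer ignored, so the PR should say how that file gets moved to `config/custom.css` on upgrade.
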
20 changes: 17 additions & 3 deletions Collaboration.md
Expand Up @@ -46,6 +46,7 @@ Are done by
- [ ] add label `mastermerge`
- [ ] title of the PR is `Release 2.xx.0`
- [ ] description of the PR is the body of the draft release with name `v2.xx.0`
- [ ] check if new PR has merge conflicts, if so, merge `master` into the new PR and solve the conflicts
- [ ] after PR tests run without issues, merge PR
- [ ] edit draft release with name `v2.xx.0`
- [ ] set corresponding version tag `v2.xx.0` (with `Select tag` and then `Create new tag`)
Expand All @@ -61,11 +62,24 @@ Are done by

### After release

- [ ] publish release notes with link to github release on forum in new locked topic
- [ ] publish release notes with link to github release on forum in new locked topic (use edit release on github to copy the content with markdown syntax)
- [ ] close all issues with label `ready (coming with next release)`
- [ ] release new documentation by merging `develop` on `master` in documentation repository
- [ ] publish new version on [npm](https://www.npmjs.com/package/magicmirror)
- [ ] use a clean environment (e.g. container)
- [ ] clone this repository with the new `master` branch and `cd` into the local repository directory
- [ ] log in to npm with `npm login --auth-type legacy` which will ask for username and password and one-time-password which is sent via mail
- [ ] execute `npm publish`
- [ ] **Method 1 (recommended): With browser and 2FA**
- [ ] execute `npm login` which will open a browser window
- [ ] log in with your npm credentials and enter your 2FA code
- [ ] execute `npm publish`
- [ ] **Method 2 (fallback for headless environments): With token (bypasses 2FA)**
- [ ] ⚠️ Note: This method bypasses 2FA and should only be used when a browser is not available
- [ ] goto `https://www.npmjs.com/settings/<username>/tokens/` and click `generate new token`
- [ ] enable `Bypass two-factor authentication (2FA)` and under `Packages and scopes` give `Read and write` permission to the `magicmirror` package, press `Generate token`
- [ ] execute:

```bash
NPM_TOKEN="npm_xxxxxx"
npm set "//registry.npmjs.org/:_authToken=$NPM_TOKEN"
npm publish
```
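
Review bot: Method 2 leaves a 2FA-bypassing publish token on disk: `npm set "//registry.npmjs.org/:_authToken=$NPM_TOKEN"` writes it to the user's `.npmrc`, and typing `NPM_TOKEN="npm_xxxxxx"` puts it in shell history, with no checklist step to clean up afterwards. Add items to set the shortest available expiry when generating the token and, after `npm publish`, to remove the `_authToken` entry and revoke the token on npmjs.com. The "use a clean environment (e.g. container)" item helps only if that environment is discarded afterwards, so say so.
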
7 changes: 6 additions & 1 deletion README.md
Expand Up @@ -51,5 +51,10 @@ If we receive enough donations we might even be able to free up some working hou
To donate, please follow [this](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=G5D8E9MR5DTD2&source=url) link.

<p style="text-align: center">
<a href="https://forum.magicmirror.builders/topic/728/magicmirror-is-voted-number-1-in-the-magpi-top-50"><img src="https://magicmirror.builders/img/magpi-best-watermark-custom.png" width="150" alt="MagPi Top 50"></a>
<a href="https://forum.magicmirror.builders/topic/728/magicmirror-is-voted-number-1-in-the-magpi-top-50">
<picture>
<source media="(prefers-color-scheme: dark)" srcset="https://magicmirror.builders/img/magpi-best-watermark.png">
<img src="https://magicmirror.builders/img/magpi-best-watermark-custom.png" width="150" alt="MagPi Top 50">
</picture>
</a>
</p>