Community health files are documents related to project collaboration. Most commonly, these include:
- `CHARTER.md`
- `CODE_OF_CONDUCT.md`
- `CONTRIBUTING.md`
- `GOVERNANCE.md`
- `SECURITY.md`
For projects hosted on GitHub, instead of adding these files to every repository within an organization, we can add them only once to a special organization repository which must be named `.github`. GitHub will automatically use the community health files specified at this location by default for all repositories within the organization.
The filenames must match what is expected by GitHub and must be in one of these locations:
- The root of the `.github` repository
- The `.github` folder in the `.github` repository
- The `docs` folder in the `.github` repository
Tip
We recommend placing these files in the root of the `.github` repository.
Where possible, it is best to have only one file for each type of community health file, specified in the `.github` repository, and to avoid having individual files for each repository. However, specific project needs may require repository-specific files.
Important
If a file also exists in a repository, then that file will take precedence over the organization default.
These files are required for all OpenJS Foundation projects:
- `CODE_OF_CONDUCT.md`
- `SECURITY.md`
- `CHARTER.md`
  - Note: it is not possible to provide a default `CHARTER.md` file for the organization. See the full list of supported default community health files.
  - Instead of duplicating the content, consider using a centralized `CHARTER.md` file, and then linking to that file from the `CHARTER.md` files in other repositories.
A `GOVERNANCE.md` file should be provided for all organizations/projects with formal governance and is required for OpenJS Foundation Impact projects.
A `CONTRIBUTING.md` file is highly recommended for all organizations/projects.
Note
All projects must have a LICENSE file, but it is not possible to provide a default LICENSE file for the organization. Every repository requires its own LICENSE file.
Organizations/projects should use the following content for their `CODE_OF_CONDUCT.md` file. This will avoid any issues that would arise by duplicating content.
This project follows the OpenJS Foundation Code of Conduct available at [code-of-conduct.openjsf.org](https://code-of-conduct.openjsf.org/).
All organizations/projects must have a security policy. This file must inform users how they can privately report security issues to projects.
At a bare minimum, it should direct users to an email address.
It should also include any other reporting mechanism used by the project, such as GitHub PVR.
For guidance and assistance on developing security policy, reach out to the OpenJS Security Collaboration Space.
Another good resource is the OpenSSF Guide to implementing a coordinated vulnerability disclosure process for open source projects.
Community health files are one aspect of best practices that projects should follow. For more information on best practices, see the OpenSSF Best Practices Badge Guide.