Add blog posts

Author: kamiazya

.editorconfig

@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

blog/2019-05-28-first-blog-post.md

@@ -0,0 +1,32 @@
+---
+slug: tidelift
+title: TideLift Subscription 🌱
+authors: kamiazya
+tags: [security]
+---
+Hey everyone 👋,
+
+At the heart of the ts-graphviz project, we're all about pushing the envelope on technical excellence and bolstering our community.
+We're stepping into an exciting phase to further support the sustainability and growth of our project. With our partnership with TideLift, ts-graphviz is set to offer enterprise-level support and security, making it a tool developers can rely on with confidence.
+
+<!-- truncate -->
+
+### Available as part of the Tidelift Subscription 🤝
+
+The maintainers of ts-graphviz and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use.
+
+[Learn more](https://tidelift.com/subscription/pkg/npm-ts-graphviz?utm_source=npm-ts-graphviz&utm_medium=referral&utm_campaign=enterprise&utm_term=repo).
+
+### Impact on the Community 🌈
+
+This new collaboration with TideLift marks a significant step towards making ts-graphviz a more widely accepted and trusted tool across various projects and organizations. It also secures the necessary funding for maintenance and development, which is a win for developers.
+
+### Looking Ahead 🌟
+
+We're thrilled about the opportunities this partnership with TideLift brings to further enhance ts-graphviz and continue delivering value to our community. Your feedback is always welcome; we're eager to hear your suggestions and ideas on how to maximize the value ts-graphviz offers.
+
+We hope this new chapter will be an important step in our collective journey towards better creation and innovation within the ts-graphviz community.
+
+With heartfelt thanks,
+The ts-graphviz Team ❤️
+

blog/2019-05-29-long-blog-post.md

@@ -0,0 +1,40 @@
+---
+slug: v2
+title: 'ts-graphviz v2.0.0 Released🎉'
+authors: kamiazya
+tags: [security, release]
+---
+Hello, everyone! We are excited to share that ts-graphviz v2.0.0 is now available!
+This major update brings a host of improvements aimed at enhancing performance, security, and compatibility with the evolving JavaScript ecosystem.
+
+<!-- truncate -->
+
+### Major Updates 🚀
+
+- **Dropping Support for Node.js 14 & 16**: As part of our commitment to maintaining a cutting-edge library, we've updated our minimum supported Node.js version to Node.js 18. This decision aligns with our goals to leverage the latest features and improvements while ensuring the highest level of security for our users.
+
+### Package Splitting and Monorepo-ization 📦
+
+With v2.0.0, we've taken significant steps to restructure ts-graphviz for better modularity, maintainability, and usability:
+
+- **Improved Modularity**: The library has been divided into several packages, allowing you to install and use only what you need. This reduces unnecessary dependencies and optimizes performance.
+- **Easier Maintainability and Collaboration**: This new structure simplifies maintenance and encourages contributions by making it easier for developers to focus on specific areas of interest.
+- **Centralized Management**: Our shift to a monorepo approach allows for streamlined issue tracking, pull request management, and documentation updates across all packages.
+
+### Node.js Version Support Policy 📝
+
+To better align with the JavaScript ecosystem's progress and ensure our library remains secure and up-to-date, we've established a clear Node.js Version Support Policy:
+
+- We now guarantee support for the latest Node.js LTS version at the time of each major release, starting with **Node.js 18** for ts-graphviz v2.0.0.
+- Our policy includes ending support for Node.js versions that reach their End-of-Life (EOL), ensuring our users benefit from the most secure and performant version possible.
+
+### Moving Forward 🔍
+
+This release marks a significant milestone in our journey to provide a powerful and user-friendly tool for working with Graphviz DOT language in TypeScript projects. We encourage you to update your projects to the latest LTS version of Node.js and explore the new features and improvements in ts-graphviz v2.0.0.
+
+
+For detailed information on the release, including a migration guide and an overview of the new package structure, please visit our [release notes](https://github.com/ts-graphviz/ts-graphviz/releases/tag/ts-graphviz%402.0.0).
+
+
+We're eager to hear your feedback and look forward to continuing to improve ts-graphviz together.
+Thank you for your support and collaboration!

blog/2021-08-01-mdx-blog-post.mdx

@@ -0,0 +1,24 @@
+---
+title: Exciting News for Our Valued Sponsors! 🎉
+authors: kamiazya
+tags: [release]
+---
+We're thrilled to announce a significant update to the ts-graphviz project! 🚀
+In our continuous effort to enhance the development experience and expand the project's capabilities, we've made some pivotal changes and improvements that we believe will greatly benefit your projects.
+
+<!-- truncate -->
+
+## What's New? 🌟
+
+- **Integration of `@ts-graphviz/react`**: The `@ts-graphviz/react` package has now been fully integrated into the ts-graphviz repository. This consolidation aims to streamline development processes and foster a more cohesive ecosystem for our graph visualization tools.
+- **Support for React 18**: We've upgraded our support to React 18, ensuring that developers utilizing ts-graphviz with React can take advantage of the latest features, performance improvements, and optimizations offered by React 18.
+- **Enhanced HTMLLikeLabel Support**: The types related to HTMLLikeLabel have been moved to `@ts-graphviz/common`, improving maintainability and making it easier for developers to work with complex labels within their graphs.
+- **API Improvements**: We've also implemented several API improvements to enhance usability, flexibility, and overall developer experience. These changes are designed to make ts-graphviz even more powerful and intuitive for building and manipulating graph visualizations.
+
+Your support plays a crucial role in the development and growth of ts-graphviz.
+These updates are part of our commitment to delivering high-quality, innovative solutions that meet the evolving needs of our community.
+We're excited for you to try out these new features and improvements!
+
+As we continue to push the boundaries of graph visualization tools, we're grateful for your ongoing support and feedback. Stay tuned for more updates, and feel free to reach out if you have any questions or suggestions.
+
+Thank you for being a part of our journey. Let's continue to create amazing things together! 🌈

blog/2021-08-26-welcome/docusaurus-plushie-banner.jpeg

@@ -0,0 +1,23 @@
+---
+title: Community Collaboration Drives ts-graphviz/setup-graphviz Evolution 🌟
+authors: kamiazya
+tags: [release]
+---
+Hello, ts-graphviz community!
+We're excited to announce the latest releases of setup-graphviz, versions v2.0.1 and v2.0.2.
+
+<!-- truncate -->
+
+These updates were made possible through rapid community response to [issues related to GitHub Actions runner images](https://github.com/actions/runner-images/issues/9733).
+
+### Release Highlights:
+
+- **v2.0.1**: Fixed installation issues on Linux, enhancing stability. 🛠️
+- **v2.0.2**: Removed scripts made redundant by updates to GitHub Actions environments. 🧹
+
+We are deeply grateful for the dedicated efforts and support from developers, contributors, and users who came together to address these issues swiftly.
+Your collaboration is invaluable, and we look forward to continuing our journey to improve ts-graphviz together.
+
+For more details on the release, please visit: [ts-graphviz/setup-graphviz Releases](https://github.com/ts-graphviz/setup-graphviz/releases)
+
+Let's continue to achieve great things together! 🚀

blog/2021-08-26-welcome/index.md

@@ -0,0 +1,134 @@
+---
+title: Leveraging OpenSSF to Protect and Secure ts-graphviz Published🛡️
+authors: kamiazya
+tags: [security]
+---
+## 📅 Introduction
+On May 24, 2024, at the Nextbeat Tech Bar’s ["First Discussion on Library Development"](https://nextbeat.connpass.com/event/312789/) in Japan, I presented an LT titled **"Secure Library Development"**.
+
+The original presentation was in Japanese, and this article shares the content in English to extend our efforts to a broader audience.
+
+<!-- truncate -->
+
+## 🔍 Discovering OpenSSF
+The [Open Source Security Foundation (OpenSSF)](https://openssf.org/) was established 2020 under the [Linux Foundation](https://www.linuxfoundation.org/).
+Its mission is to ensure the sustainable safety of OSS development, maintenance, and use. We discovered OpenSSF while seeking security measures for ts-graphviz and found its initiatives highly relevant.
+
+![OpenSSF](https://openssf.org/wp-content/uploads/2023/04/Layer-13.png)
+
+## 🛠️ Implementing Security Measures
+
+### 📚 OpenSSF Guides
+OpenSSF Guides offer comprehensive guidelines to improve OSS security. They include specific guides for technologies like npm and C/C++ compiler options, source code management settings, and vulnerability disclosure processes. These guides are valuable for both OSS developers and users.
+
+### 🏅 OpenSSF Best Practices Badge
+OSS developers can self-certify their projects by answering security-related questions and following best practices. Meeting these criteria makes packages more secure. OSS users can evaluate projects to ensure they follow best practices, helping them choose safer OSS.
+
+### 🔍 OpenSSF Scorecard
+The Scorecard is a CLI tool that automatically checks and evaluates security risks. It integrates with CI tools like GitHub Actions for continuous evaluation and publishes scores as reports. It can be installed in less than 10 minutes on GitHub Actions.
+
+## 🚀 Benefits and Outcomes
+Implementing these security measures significantly enhanced the security of ts-graphviz. We believe this can inspire other OSS projects to adopt similar measures, improving overall security in the open-source community.
+
+## 🌟 Get Involved and Support
+We invite you to support our efforts through OpenCollective and GitHub Sponsors. Your contributions help us maintain and improve the security of ts-graphviz. 
+
+Check out the English versions of the slides and speaker notes from our LT:
+
+- [Google Slide](https://docs.google.com/presentation/d/e/2PACX-1vQAUNsc26XXbmIr2UaR3GtMd-iNADtJebK-FBgyqiNHVZ-1yQBxFuGOLKQohYejXjzm8C-DByC6ecmp/pub?start=false&loop=false&slide=id.p) / ([日本語](https://docs.google.com/presentation/d/e/2PACX-1vQKliPNP2Yiqq88xVnTsf944YtWhZY2DvSExc790pYmpthSR30SSxVpp06MMPmD6Ea1TqUfd44tflMI/pub?start=false&loop=false&slide=id.p))
+- [Speaker Deck](https://speakerdeck.com/kamiazya/secure-library-development-practical-oss-security-with-openssf) / ([日本語](https://speakerdeck.com/kamiazya/sekiyuanaraiburarikai-fa-openssfdeshi-meruosssekiyuriteinoshi-jian-tohuo-yong))
+
+
+## 📄 Slides with Speaker Notes
+
+Those interested in a detailed walkthrough can access the slides along with the speaker notes used during the presentation. This provides a comprehensive view of the measures and insights shared:
+
+![](./slides/0.png)
+
+Today, I’d like to talk about "Secure Library Development" with a focus on the initiatives of OpenSSF.
+
+![](./slides/1.png)
+
+Hello, I’m Yuki Yamazaki, also known as kamiazya on GitHub and Twitter.
+I work at iRidge, Inc., where I develop, maintain, and operate a mobile application development support kit (SaaS + SDK).
+
+![](./slides/2.png)
+
+I developed a TypeScript-friendly Graphviz wrapper called ts-graphviz, which is available as an npm library.
+It’s a minor library but is widely used by various OSS projects, achieving around 2 million downloads per month.
+
+![](./slides/3.png)
+
+While I’m happy to see my library being used, it also raises concerns.
+Modern applications rely on many open-source libraries, and even a small vulnerability in an obscure library like mine could have widespread implications.
+Thus, security is crucial in library development.
+
+![](./slides/4.png)
+
+"Is the security of my library sufficient?"
+"Where should I start with security measures?"
+
+Lack of security knowledge made it difficult for me to evaluate my library’s security.
+
+![](./slides/5.png)
+
+As I delved into security measures, I discovered OpenSSF (Open Source Security Foundation).
+
+Established in 2020 under the Linux Foundation, OpenSSF aims to ensure the sustainable safety of OSS development, maintenance, and usage, promoting initiatives to secure both OSS itself and its supply chain.
+
+![](./slides/6.png)
+
+This LT introduces three security measures implemented in the ts-graphviz project using OpenSSF, which can also inspire other projects to improve their security.
+
+As an OSS user, I believe that understanding OSS security measures through this presentation will help you develop more secure software.
+Thank you for staying with me until the end.
+
+![](./slides/7.png)
+
+The first is the OpenSSF Guides.
+
+These are comprehensive guidelines to improve the security of open-source software.
+They include specific guides for technologies like npm and C/C++ compiler options, as well as niche topics like source code management settings and vulnerability disclosure processes.
+
+The content is useful not only for OSS developers but also for users.
+
+![](./slides/8.png)
+
+The second is the OpenSSF Best Practices Badge. OSS developers can self-certify their projects by answering security-related questions.
+By working to meet the criteria, you can make your packages more secure. 
+
+The evaluation criteria are publicly available, so by striving to meet these criteria, you can enhance the security of your packages.
+
+![](./slides/9.png)
+
+OSS users can evaluate if a project follows best practices, helping in selecting safer OSS for use.
+
+By confirming the safety of the projects you want to use, you can select safer OSS.
+
+![](./slides/10.png)
+
+The third is the OpenSSF Scorecard.
+This CLI tool automatically checks and evaluates security risks.
+It can be integrated with CI tools like GitHub Actions for continuous evaluation. The score is published as a report.
+Installable in less than 10 minutes on GitHub Actions.
+
+![](./slides/11.png)
+
+OpenSSF is also promoting various other projects.
+
+![](./slides/12.png)
+
+Utilizing OpenSSF initiatives has enabled me to confidently advance the security measures for ts-graphviz, providing safer libraries for users.
+
+![](./slides/13.png)
+
+“Let's Create More Secure Software with OpenSSF Initiatives.”
+I plan to continue utilizing OpenSSF initiatives to develop more secure software in the future.
+
+![](./slides/14.png)
+
+Thank you for your attention.
+
+![](./slides/15.png)
+
+For more details, you can refer to the slides and additional resources linked within the presentation.