First off, thanks for taking the time to contribute! 🎉
SecurePixel is built with Vanilla JavaScript and Tailwind CSS.
- Fork the repo.
- Clone it locally.
- Run via a local server (e.g., Live Server or Python
http.server).
Since this is a security tool, we have strict guidelines for contributions:
- Isolation of Logic: The encryption/decryption logic (
script.js) must remain completely isolated from the analytics logic. - Analytics: We use Google Analytics for anonymous usage stats.
- Do NOT add any tracking code that captures user inputs, file names, or image data.
- Do NOT bypass the consent manager. All trackers must wait for the
securepixel_consentflag.
- Dependencies: Avoid adding external npm packages unless necessary. We prefer native Browser APIs to minimize supply chain risks.
If you find a security vulnerability, please check SECURITY.md for reporting instructions. Do not open a public issue for critical security flaws.
- Ensure your code follows existing styles.
- Test your changes in both Light and Dark modes.
- Verify that encryption works offline.