chore: clean up husky scripts and enhance README with security policy and features

Author: LabEG

.husky/commit-msg

@@ -1,4 +1 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
 npx commitlint --edit $1

.husky/pre-commit

@@ -1,4 +1 @@
-#!/bin/sh
-. "$(dirname "$0")/_/husky.sh"
-
 npx lint-staged

README.md

@@ -1,34 +1,51 @@
-First DI
-=====
+# first-di
 
-Easy dependency injection for TypeScript applications
+[![npm version](https://img.shields.io/npm/v/first-di.svg)](https://www.npmjs.com/package/first-di)
+[![npm downloads](https://img.shields.io/npm/dm/first-di.svg)](https://www.npmjs.com/package/first-di)
+[![license](https://img.shields.io/npm/l/first-di.svg)](https://github.com/LabEG/first-di/blob/master/LICENSE)
+[![Build Status](https://github.com/LabEG/first-di/workflows/Test%20Pull%20Request/badge.svg)](https://github.com/LabEG/first-di/actions)
 
-Installation
-------
+Lightweight and powerful dependency injection container for TypeScript applications
+
+---
+
+## Overview
+
+**first-di** is a modern, type-safe dependency injection container designed specifically for TypeScript applications. It provides a clean and intuitive API for managing dependencies with minimal configuration and zero runtime dependencies.
+
+### Key Features
+
+- 🚀 **Zero Dependencies** - No external runtime dependencies required
+- 💡 **Two Operation Modes** - Optional DI for simplicity, Classic DI for advanced scenarios
+- 🔄 **Multiple Lifecycles** - Singleton, Transient, Per-Instance, and Per-Access patterns
+- 🎯 **Type-Safe** - Full TypeScript support with decorator-based metadata
+- 🔧 **Flexible Scoping** - Support for multiple isolated DI containers
+- 🧪 **Test-Friendly** - Easy mocking and overriding for unit tests
+- 📦 **Extensible** - Built on OOP/SOLID principles for easy customization
+
+---
+
+## Installation
 
 For the latest stable version:
 
-```Bash
+```bash
 npm i first-di
 ```
 
-Features
-------
+## Quick Start
 
-- Easy and powerful dependency injection for any TypeScript application.
-- 2 modes of work. Optional DI - for most apps. Classic DI - for advanced apps.
-- Support for multiple scopes.
-- Supports multiple life cycles.
-- Dependency-free. Dependencies are used only for development.
+### Prerequisites
 
-Setup
-------
+Install [reflect-metadata](https://www.npmjs.com/package/reflect-metadata) package and import it in your application entry point:
 
-Install [reflect-metadata](https://www.npmjs.com/package/reflect-metadata) package and import it in the root TypeScript file. This package is needed to support reflection and is a mandatory requirement of TypeScript.
+```bash
+npm install reflect-metadata
+```
 
-In tsconfig.json enable compiler options:
+Enable the following compiler options in `tsconfig.json`:
 
-```Json
+```json
 {
     "compilerOptions": {
         ...
@@ -40,10 +57,13 @@ In tsconfig.json enable compiler options:
 
 ```
 
-Using in Optional DI mode
-------
+---
+
+## Usage
+
+### Optional DI Mode
 
-Just write classes and inject dependencies through class constructors. When the 'resolve' function is called, all dependencies will be resolved.
+The simplest approach - write classes and inject dependencies through constructors. All dependencies are automatically resolved when calling `resolve()`.
 
 ```typescript
 import { resolve, override, reflection } from "first-di";
@@ -109,10 +129,9 @@ if (process.env.NODE_ENV === "test") {
 }
 ```
 
-Using in Classic DI mode
-------
+### Classic DI Mode
 
- In professional mode Abstract classes are used instead of interfaces. TypeScript does not generate interfaces for working in runtime. Abstract classes serve as the abstract base class. So instead of interfaces, you need to write Abstract classes.
+For advanced scenarios, use abstract classes as contracts instead of interfaces. Abstract classes generate runtime metadata that TypeScript interfaces cannot provide.
 
 ```typescript
 import { resolve, override, reflection } from "first-di";
@@ -193,8 +212,7 @@ if (process.env.NODE_ENV === "test") {
 }
 ```
 
-Options
-------
+## Options
 
 First DI has several points for customizing dependency options:
 
@@ -214,8 +232,7 @@ Options have the following properties:
 
     PER_ACCESS - Create new instance on each access to resolved property.
 
-Scopes
-------
+## Scopes
 
 Support multiple scopes
 
@@ -233,18 +250,21 @@ const serviceScopeB = scopeB.resolve(ProductionService);
 const dataB = await serviceScopeB.getData();
 ```
 
-API
-------
+---
 
-First DI also has an API for extended use.
+## API Reference
 
-- override - Function. Override dependency and resolve options.
-- resolve - Function. Resolves dependency with default options or specified.
-- singleton - Function. Resolve singleton.
-- instance - Function. Resolve new instance.
-- reset - Function. Reset all singleton list and override list, but doesn't reset global options.
+### Core Functions
 
-Resolve, singleton, instance - can be used to implement the Service Locator.
+- **`override(fromClass, toClass, options?)`** - Override dependency resolution with custom implementation
+- **`resolve(class, options?)`** - Resolve dependency with specified or default options
+- **`singleton(class)`** - Resolve as singleton instance
+- **`instance(class)`** - Always create new instance
+- **`reset()`** - Clear all singletons and overrides (preserves global options)
+
+### Service Locator Pattern
+
+The API functions can be used to implement the Service Locator pattern:
 
 ```typescript
 import { singleton, instance, resolve, AutowiredLifetimes } from "first-di";
@@ -260,10 +280,13 @@ class ApiDemo {
 }
 ```
 
-Extension DI
-------
+---
+
+## Advanced Usage
 
-First DI uses OOP and SOLID design principles. Each part of DI can be overridden or extended after inheritance from the base class.
+### Extending the DI Container
+
+Built on OOP and SOLID principles, every component can be extended or customized:
 
 ```typescript
 import { DI } from "first-di";
@@ -275,3 +298,13 @@ class MyDI extends DI {
     }
 }
 ```
+
+---
+
+## Contributing
+
+Contributions are welcome! Please read our [Contributing Guide](CONTRIBUTING.md) and [Code of Conduct](CODE_OF_CONDUCT.md) before submitting pull requests.
+
+## License
+
+MIT © [Eugene Labutin](https://github.com/LabEG)

SECURITY.md

@@ -0,0 +1,109 @@
+# Security Policy
+
+## Supported Versions
+
+We actively support the following versions of `first-di` with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 3.x     | :white_check_mark: |
+| 2.x     | :x:                |
+| < 2.0   | :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of `first-di` seriously. If you discover a security vulnerability, please follow these steps:
+
+### How to Report
+
+1. **DO NOT** open a public GitHub issue for security vulnerabilities
+2. Send a detailed report to the repository maintainer via:
+   - GitHub Security Advisory: [Report a vulnerability](https://github.com/LabEG/first-di/security/advisories/new)
+   - Email: Create an issue in the [issue tracker](https://github.com/LabEG/first-di/issues) marked as **Security** (if no sensitive details need to be shared)
+
+### What to Include
+
+Please provide the following information in your report:
+
+- **Description**: A clear description of the vulnerability
+- **Impact**: What could an attacker accomplish by exploiting this vulnerability
+- **Reproduction**: Step-by-step instructions to reproduce the issue
+- **Version**: The version of `first-di` affected
+- **Environment**: Relevant environment details (Node.js version, TypeScript version, etc.)
+- **Suggested Fix** (optional): If you have ideas on how to fix the vulnerability
+
+### Response Timeline
+
+- **Initial Response**: Within 48 hours of receiving the report
+- **Status Update**: Within 7 days with either a fix timeline or request for more information
+- **Resolution**: Security patches will be released as soon as possible, typically within 14 days for critical issues
+
+### Security Update Process
+
+1. The vulnerability is confirmed and assessed
+2. A fix is developed and tested
+3. A security advisory is prepared
+4. A new version is released with the fix
+5. The security advisory is published with CVE (if applicable)
+
+## Security Best Practices
+
+When using `first-di`:
+
+### For Package Consumers
+
+- Always use the latest stable version
+- Regularly update dependencies using `npm update` or `npm audit fix`
+- Review the [CHANGELOG](./CHANGELOG.md) for security-related updates
+- Use `npm audit` to check for known vulnerabilities in dependencies
+
+### For Contributors
+
+- Follow secure coding practices
+- Run `npm audit` before submitting pull requests
+- Never commit sensitive information (API keys, passwords, tokens)
+- Test changes thoroughly with various configurations
+
+## Dependency Security
+
+This package has minimal dependencies (only reflect-metadata as peer dependency). We:
+
+- Monitor security advisories for all dependencies
+- Update dependencies promptly when security issues are discovered
+- Use `npm audit` in our CI/CD pipeline
+- Follow semantic versioning to ensure stable updates
+
+## Known Security Considerations
+
+As a dependency injection library, `first-di`:
+
+- **Executes constructor code** - ensure dependencies are from trusted sources
+- **Does not access network resources** - all operations are local
+- **Does not handle sensitive data** - it only manages object instantiation
+- **Runs in all environments** - part of your application runtime
+
+However, always ensure you:
+
+- Install packages from official npm registry
+- Verify package integrity using `npm audit`
+- Review configuration changes before applying
+
+## Disclosure Policy
+
+When a security vulnerability is fixed:
+
+1. We will credit the reporter (unless they wish to remain anonymous)
+2. Details will be disclosed after a fix is available
+3. We will publish a security advisory on GitHub
+4. The vulnerability will be documented in the CHANGELOG
+
+## Contact
+
+For any security-related questions or concerns, please:
+
+- Open a [GitHub Security Advisory](https://github.com/LabEG/first-di/security/advisories/new)
+- Create an issue at: <https://github.com/LabEG/first-di/issues>
+
+---
+
+Thank you for helping keep `first-di` and its users safe!

package.json

@@ -36,7 +36,7 @@
         "build": "rm -rf dist/ && tsc --project tsconfig.build.json && node ./dist/index.js",
         "release": "cliff-jumper --name 'first-di' --package-path '.' --no-skip-changelog --no-skip-tag",
         "prepublishOnly": "npm run lint && npm run build && npm run test",
-        "prepare": "husky install"
+        "prepare": "husky"
     },
     "peerDependencies": {
         "reflect-metadata": ">=0.1.0"