fix: lock dependencies, update labeler config and restructure docs

.github/labeler.yml

@@ -1,22 +1,27 @@
 dependencies:
-  - package.json
-  - pnpm-lock.yaml
+- changed-files:
+  - any-glob-to-any-file: package.json
+  - any-glob-to-any-file: pnpm-lock.yaml
 
 ":test_tube: tests":
-  - test/*
-  - test/**/*
+- changed-files:
+  - any-glob-to-any-file: test/*
+  - any-glob-to-any-file: test/**/*
 
 ":pencil: docs":
-  - README.md
+- changed-files:
+  - any-glob-to-any-file: README.md
 
 ":zap: ci/cd":
-  - .github/workflows/*
-  - .github/labeler.yml
-  - .releaserc.cjs
-  - build.config.ts
-  - .eslintrc.cjs
-  - .eslintignore
+- changed-files:
+  - any-glob-to-any-file: .github/workflows/*
+  - any-glob-to-any-file: .github/labeler.yml
+  - any-glob-to-any-file: .releaserc.cjs
+  - any-glob-to-any-file: build.config.ts
+  - any-glob-to-any-file: .eslintrc.cjs
+  - any-glob-to-any-file: .eslintignore
 
 ":nail_care: codestyle":
-  - .prettierrc.cjs
-  - .prettierignore
+- changed-files:
+  - any-glob-to-any-file: .prettierrc.cjs
+  - any-glob-to-any-file: .prettierignore

.github/workflows/labeler.yml

@@ -1,6 +1,6 @@
 name: "Pull Request Labeler"
 on:
-  - pull_request_target
+  - pull_request
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -12,6 +12,7 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@v4
       - uses: actions/labeler@v5
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -1,5 +1,5 @@
 [![CI](https://github.com/janbiasi/rollup-plugin-sbom/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/janbiasi/rollup-plugin-sbom/actions/workflows/ci.yml) [![CodeQL](https://github.com/janbiasi/rollup-plugin-sbom/actions/workflows/github-code-scanning/codeql/badge.svg?branch=main)](https://github.com/janbiasi/rollup-plugin-sbom/actions/workflows/github-code-scanning/codeql) ![npm](https://img.shields.io/npm/v/rollup-plugin-sbom)
-![npm peer dependency version (scoped)](https://img.shields.io/npm/dependency-version/rollup-plugin-sbom/peer/rollup?logo=rollupdotjs&color=%23EA483F) ![img](https://img.shields.io/badge/semver-2.0.0-green?logo=semver) ![npm type definitions](https://img.shields.io/npm/types/rollup-plugin-sbom) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/janbiasi/rollup-plugin-sbom/badge)](https://securityscorecards.dev/viewer/?uri=github.com/janbiasi/rollup-plugin-sbom)
+![npm peer dependency version (scoped)](https://img.shields.io/npm/dependency-version/rollup-plugin-sbom/peer/rollup?logo=rollupdotjs&color=%23EA483F) ![img](https://img.shields.io/badge/semver-2.0.0-green?logo=semver) ![npm type definitions](https://img.shields.io/npm/types/rollup-plugin-sbom) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/janbiasi/rollup-plugin-sbom/badge)](https://securityscorecards.dev/viewer/?uri=github.com/janbiasi/rollup-plugin-sbom) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8443/badge)](https://www.bestpractices.dev/projects/8443)
 
 # rollup-plugin-sbom
 
@@ -9,15 +9,17 @@ Create [SBOMs]() _(Software Bill of Materials)_ in [CycloneDX](https://cyclonedx
 >
 > – [CISA (.gov)](https://www.cisa.gov) [[full article](https://www.cisa.gov/sbom)]
 
-##### Content
+## Documentation
 
-- [Requirements and Compatibility](#requirements-and-compatibility)
+- [Requirements and compatibility](#requirements-and-compatibility)
 - [Installation](#installation)
-- [Usage](#usage)
+- [Usage guide](#usage)
   - [Usage with Vite](#usage-with-vite)
   - [Usage with Rollup](#usage-with-rollup)
-  - [Configuration Options](#configuration-options)
-- [Contributors](#contributors)
+  - [Configuration options and defaults](#configuration-options)
+- [Contributing](#contributing)
+  - [Make your first contribution](#good-first-issues)
+  - [Contributors](#contributors)
 
 ---
 
@@ -27,10 +29,13 @@ Create [SBOMs]() _(Software Bill of Materials)_ in [CycloneDX](https://cyclonedx
 | ------ | ------ | ------ | ------ |
 | v1     | v4, v5 | v3, v4 | 18, 20 |
 
-We're always supporting LTS Node.js versions and versions which still have security support. Plugin support will be dropped once a Node.js version reaches its final EOL.
+We're always supporting LTS Node.js versions and versions which still have security support.
+Plugin support will be dropped once a Node.js version reaches its final EOL.
 
 ### Installation
 
+You can install the plugin via [NPM](https://www.npmjs.com/package/rollup-plugin-sbom) with your favorite package manager:
+
 ```sh
 npm install --save-dev rollup-plugin-sbom
 pnpm install -D rollup-plugin-sbom
@@ -74,7 +79,15 @@ export default {
 | `generateSerial`    | `false`           | Whether to generate a serial number for the BOM.           |
 | `includeWellKnown`  | `true`            | Whether to generate a SBOM in the `well-known` directory.  |
 
-## Contributors
+## Contributing
+
+The main purpose of this repository is to continue evolving the plugin, making it faster and easier to use. We are grateful to the community for contributing bugfixes and improvements. Read below to learn how you can take part in improving the plugin.
+
+### Good First Issues
+
+We have a list of [good first issues](https://github.com/janbiasi/rollup-plugin-sbom/labels/good%20first%20issue) that contain bugs that have a relatively limited scope. This is a great place to get started.
+
+### Contributors
 
 Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
 
@@ -94,3 +107,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
 <!-- prettier-ignore-end -->
 
 <!-- ALL-CONTRIBUTORS-LIST:END -->
+
+### License
+
+The plugin is licensed under [MIT License](./LICENSE)

package.json

@@ -53,30 +53,30 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@cyclonedx/cyclonedx-library": "6.1.0",
+    "@cyclonedx/cyclonedx-library": "6.3.1",
     "normalize-package-data": "6.0.0"
   },
   "peerDependencies": {
     "rollup": "^3 || ^4"
   },
   "devDependencies": {
-    "@commitlint/cli": "^18.4.3",
-    "@commitlint/config-conventional": "^18.4.3",
-    "@types/node": "^20",
-    "@typescript-eslint/eslint-plugin": "^6.12.0",
-    "@typescript-eslint/parser": "^6.12.0",
-    "@vitest/coverage-v8": "^0.34.6",
-    "ajv": "^8.12.0",
-    "ajv-formats": "^2.1.1",
-    "eslint": "^8.54.0",
-    "fast-xml-parser": "^4.3.2",
+    "@commitlint/cli": "18.6.1",
+    "@commitlint/config-conventional": "18.6.2",
+    "@types/node": "20.11.20",
+    "@typescript-eslint/eslint-plugin": "7.0.2",
+    "@typescript-eslint/parser": "7.0.2",
+    "@vitest/coverage-v8": "1.3.1",
+    "ajv": "8.12.0",
+    "ajv-formats": "2.1.1",
+    "eslint": "8.57.0",
+    "fast-xml-parser": "4.3.5",
     "husky": "9.0.11",
-    "lint-staged": "^15.1.0",
-    "prettier": "3.1.0",
-    "rollup": "4.5.1",
-    "semantic-release": "^22.0.8",
-    "typescript": "5.3.2",
+    "lint-staged": "15.2.2",
+    "prettier": "3.2.5",
+    "rollup": "4.12.0",
+    "semantic-release": "23.0.2",
+    "typescript": "5.3.3",
     "unbuild": "2.0.0",
-    "vitest": "0.34.6"
+    "vitest": "1.3.1"
   }
 }