prerender-node - npm Package Compare versions

Comparing version 3.8.2 to 3.8.3
.github/CODEOWNERS

Sorry, the diff of this file is not supported yet

+48
version: 2
updates:
# Enable version updates for npm
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 10
reviewers:
- "@prerender/maintainers"
commit-message:
prefix: "deps"
include: "scope"
# Enable version updates for Express 3 test app
- package-ecosystem: "npm"
directory: "/test/support/express3"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
reviewers:
- "@prerender/maintainers"
commit-message:
prefix: "deps(express3-test)"
# Enable version updates for Express 4 test app
- package-ecosystem: "npm"
directory: "/test/support/express4"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
reviewers:
- "@prerender/maintainers"
commit-message:
prefix: "deps(express4-test)"
# Enable version updates for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
reviewers:
- "@prerender/maintainers"
commit-message:
prefix: "ci"
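Review bot: The two npm entries for `/test/support/express3` and `/test/support/express4` have no `ignore` rule, so the weekly version updates will propose bumping `express` past the major version each test app exists to pin. Add an `ignore` entry for `express` with `update-types: ["version-update:semver-major"]` to both entries; otherwise merging a routine Dependabot PR quietly turns the Express 3 fixture into a test of a different major version.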
name: Publish to npm
on:
push:
branches:
- master
workflow_dispatch:
concurrency:
group: npm-publish
cancel-in-progress: false
permissions:
contents: read
id-token: write
jobs:
publish:
runs-on: ubuntu-latest
environment: npm-publish
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: 'https://registry.npmjs.org'
- name: Update npm
run: npm install -g npm@latest
- name: Install dependencies
run: npm ci
- name: Setup test dependencies
run: |
cd test/support/express3 && npm install
cd ../express4 && npm install
- name: Run tests
run: npm test
- name: Get current version
id: current-version
run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
- name: Get published version
id: published-version
run: |
PUBLISHED_VERSION=$(npm view prerender-node version 2>/dev/null || echo "0.0.0")
echo "version=$PUBLISHED_VERSION" >> $GITHUB_OUTPUT
- name: Compare versions
id: version-check
run: |
CURRENT="${{ steps.current-version.outputs.version }}"
PUBLISHED="${{ steps.published-version.outputs.version }}"
echo "Current version: $CURRENT"
echo "Published version: $PUBLISHED"
SHOULD_PUBLISH=$(node -e "
const current = '$CURRENT'.split('.').map(Number);
const published = '$PUBLISHED'.split('.').map(Number);
for (let i = 0; i < 3; i++) {
if (current[i] > published[i]) {
console.log('true');
process.exit(0);
}
if (current[i] < published[i]) {
console.log('false');
process.exit(0);
}
}
console.log('false');
")
echo "should-publish=$SHOULD_PUBLISH" >> $GITHUB_OUTPUT
echo "Should publish: $SHOULD_PUBLISH"
- name: Publish to npm
if: steps.version-check.outputs.should-publish == 'true'
run: npm publish --access public --provenance
- name: Output result
run: |
if [ "${{ steps.version-check.outputs.should-publish }}" == "true" ]; then
echo "Published version ${{ steps.current-version.outputs.version }} to npm"
else
echo "⏭Version ${{ steps.current-version.outputs.version }} already exists-not publishing"
fi
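Review bot: In the `Compare versions` step, `${{ steps.current-version.outputs.version }}` and the published version are expanded into the shell script and then spliced into the `node -e` source as `'$CURRENT'` and `'$PUBLISHED'`, so a version string containing a quote is evaluated as code inside a job that holds `id-token: write`. Pass both values through `env:` and read them from `process.env` in the script. The same job uses mutable references (`actions/checkout@v5`, `actions/setup-node@v4`, `npm install -g npm@latest`) and runs `npm install` in the two test-support directories before `npm publish --provenance`; pin the actions to commit SHAs, pin the npm version, and move install and test into a separate job that does not have `id-token: write`. The `|| echo "0.0.0"` fallback also makes a failed `npm view` indistinguishable from a package that was never published, so a registry error should fail the step instead.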
# Security Policy
## Supported Versions
We actively support the following versions of prerender-node with security updates:
| Version | Supported |
| ------- | ------------------ |
| 3.8.x | :white_check_mark: |
| 3.7.x | :white_check_mark: |
| < 3.7 | :x: |
## Reporting a Vulnerability
We take security vulnerabilities seriously. If you discover a security vulnerability in prerender-node, please report it privately.
### How to Report
**Please do not report security vulnerabilities through public GitHub issues.**
Instead, please report vulnerabilities by:
1. **Email**: Send details to [security@prerender.io](mailto:security@prerender.io)
2. **GitHub Security**: Use GitHub's private vulnerability reporting feature
### What to Include
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Affected versions
- Potential impact
- Any suggested fixes (if available)
### Response Timeline
- **Initial Response**: We aim to acknowledge receipt within 24-48 hours
- **Status Update**: We will provide regular updates on our investigation
- **Resolution**: We will work to resolve confirmed vulnerabilities as quickly as possible
### Responsible Disclosure
We kindly ask that you:
- Give us reasonable time to investigate and fix the vulnerability
- Do not publicly disclose the vulnerability until we have released a fix
- Do not exploit the vulnerability or access data beyond what is necessary to demonstrate the issue
## Security Updates
Security updates are released as patch versions and announced through:
- GitHub releases
- npm advisory database
- Security advisories on this repository
Thank you for helping keep prerender-node secure!
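Review bot: Under `### How to Report`, item 2 names GitHub's private vulnerability reporting feature without a link, and that feature is only available when it is enabled for the repository; link the repository's advisory form so a reporter does not fall back to a public issue. `### Response Timeline` commits to 24-48 hours for acknowledgement but gives no interval for the "regular updates" and no disclosure window to match the request under `### Responsible Disclosure`; state both.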
+1
-1

@@ -342,3 +342,3 @@ var http = require('http')

prerender.addUserAgents = function(newAgents) {
var newAgentsArray = Array.isArray(newAgents) ? newAgents : [newAgents];
const newAgentsArray = Array.isArray(newAgents) ? newAgents : [newAgents];
newAgentsArray.forEach(agent => {
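Review bot: Style point on the changed declaration in `prerender.addUserAgents`: it now uses `const` while the hunk header context still shows `var http = require('http')`, so the file mixes both forms. Either convert the remaining `var` declarations in the same change or document the intended convention; behaviour is unchanged here, since `newAgentsArray` is not reassigned in the visible lines.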

@@ -345,0 +345,0 @@ if (!this.crawlerUserAgents.includes(agent)) {

{
"name": "prerender-node",
"version": "3.8.2",
"version": "3.8.3",
"description": "express middleware for serving prerendered javascript-rendered pages for SEO",

@@ -5,0 +5,0 @@ "author": "Todd Hooper",

@@ -186,2 +186,52 @@ Prerender Node [![Build Status](https://travis-ci.org/prerender/prerender-node.png)](https://travis-ci.org/prerender/prerender-node) [![NPM version](https://badge.fury.io/js/prerender-node.png)](http://badge.fury.io/js/prerender-node)

## Publishing
This package uses npm Trusted Publisher with GitHub Actions for secure, automated publishing.
### Publishing Process
**Automatic Publishing**: The workflow automatically publishes to npm when:
- Code is pushed to `main` or `master` branch
- The version in `package.json` is higher than the current published version
- All tests pass
**Manual Publishing**: Trigger via GitHub Actions "Run workflow" button
### Workflow Steps
1. **Setup**: Checkout code, install Node.js and dependencies
2. **Test**: Run full test suite including Express 3/4 integration tests
3. **Version Check**: Compare `package.json` version with npm registry
4. **Publish**: If version is higher, publish with `--provenance` flag for supply chain security
To publish a new version:
1. Update version in `package.json` using `npm version [major|minor|patch]`
2. Push to master branch
3. GitHub Actions will automatically publish if tests pass
## Security & Maintenance
### Automated Dependency Updates
This repository uses **Dependabot** to automatically create pull requests for:
- Security vulnerability fixes
- Dependency updates for the main package
- Test dependencies for Express 3 and Express 4 integration tests
- GitHub Actions workflow updates
Dependabot runs weekly and creates PRs with conventional commit messages:
- `deps: update package-name from x.x.x to y.y.y` - Main dependencies
- `deps(express3-test): update package-name` - Express 3 test app dependencies
- `deps(express4-test): update package-name` - Express 4 test app dependencies
- `ci: update actions/checkout from v4 to v5` - GitHub Actions updates
### Express Version Support
This middleware is tested against **Express 3 and Express 4** to ensure compatibility:
- `test/support/express3/` - Express 3.x integration tests
- `test/support/express4/` - Express 4.x integration tests
Both test apps have separate `package.json` files with their respective Express versions to verify the middleware works correctly across different Express major versions.
### Security Policy
For security vulnerabilities, please see our [Security Policy](SECURITY.md). Do not report security issues through public GitHub issues.
## Contributing
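Review bot: The `### Publishing Process` text says the workflow publishes on pushes to `main` or `master`, but the workflow added in this release lists only `master` under its push branches; drop `main` from the README or add it to the trigger. "Dependabot runs weekly" is also inaccurate for the `github-actions` entry, which is configured with `interval: "monthly"`. The `**Manual Publishing**` line should say that a manually triggered run still goes through the version check and publishes nothing when the `package.json` version is not higher than the published one.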

@@ -188,0 +238,0 @@