Update README.md

Reviewed-on: #4

.gitea/workflows/ci.yml

@@ -11,29 +11,41 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: https://git.quad4.io/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version: 22
-          cache: npm
+          cache: pnpm
+      - name: Setup Task
+        uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1
+        with:
+          version: '3.46.3'
+      - name: Setup environment
+        run: task setup
       - name: Install dependencies
-        run: npm ci
+        run: task install:ci
       - name: Svelte check (fail on warnings)
-        run: bash scripts/check.sh
+        run: task check
 
   build:
     runs-on: ubuntu-latest
     needs: check
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: https://git.quad4.io/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version: 22
-          cache: npm
+          cache: pnpm
+      - name: Setup Task
+        uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1
+        with:
+          version: '3.46.3'
+      - name: Setup environment
+        run: task setup
       - name: Install dependencies
-        run: npm ci
+        run: task install:ci
       - name: Build
-        run: bash scripts/build.sh
+        run: task build

.gitea/workflows/docker.yml

@@ -3,10 +3,8 @@ name: Build and Publish Docker Image
 on:
   workflow_dispatch:
   push:
-    branches: [master]
-    tags: ['v*']
-  pull_request:
-    branches: [master]
+    tags:
+      - 'v*'
 
 env:
   REGISTRY: git.quad4.io
@@ -24,18 +22,18 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
+        uses: https://git.quad4.io/actions/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
         with:
           platforms: amd64,arm64
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
+        uses: https://git.quad4.io/actions/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       - name: Log in to the Container registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
+        uses: https://git.quad4.io/actions/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ secrets.REGISTRY_USERNAME }}
@@ -43,7 +41,7 @@ jobs:
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
+        uses: https://git.quad4.io/actions/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -56,10 +54,10 @@ jobs:
 
       - name: Build and push Docker image
         id: build
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
+        uses: https://git.quad4.io/actions/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: .
-          file: ./Dockerfile
+          file: ./docker/Dockerfile
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}

.gitea/workflows/npm-publish.yml

@@ -11,26 +11,35 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: https://git.quad4.io/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version: '22'
+          cache: pnpm
+
+      - name: Setup Task
+        uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1
+        with:
+          version: '3.46.3'
+
+      - name: Setup environment
+        run: task setup
 
       - name: Install dependencies
-        run: npm ci --registry=https://registry.npmjs.org/
+        run: task install:ci
 
       - name: Package
-        run: make package
+        run: task package
 
       - name: Configure npm for publishing
-        uses: actions/setup-node@v4
+        uses: https://git.quad4.io/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version: '22'
           registry-url: 'https://git.quad4.io/api/packages/quad4-software/npm/'
 
       - name: Publish
-        run: npm publish
+        run: task publish
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.gitea/workflows/osv-pr.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
       - name: OSV scan
         run: bash scripts/osv_scan.sh

.gitea/workflows/osv-scheduled.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
       - name: OSV scan
         run: bash scripts/osv_scan.sh

.gitea/workflows/sbom.yml

@@ -0,0 +1,58 @@
+name: Generate SBOM
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+jobs:
+  generate-sbom:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          fetch-depth: 0
+          ref: ${{ github.ref }}
+
+      - name: Setup Node.js
+        uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Setup Task
+        uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1
+        with:
+          version: '3.46.3'
+
+      - name: Setup environment
+        run: task setup
+
+      - name: Install dependencies
+        run: task install:ci
+
+      - name: Download Trivy
+        run: |
+          curl -L -o /tmp/trivy.deb https://git.quad4.io/Quad4-Extra/assets/raw/commit/90fdcea1bb71d91df2de6ff2e3897f278413f300/bin/trivy_0.68.2_Linux-64bit.deb
+          sudo dpkg -i /tmp/trivy.deb || sudo apt-get install -f -y
+
+      - name: Generate SBOM
+        run: |
+          mkdir -p sbom
+          trivy fs --format spdx-json --include-dev-deps --output sbom/sbom.spdx.json .
+          trivy fs --format cyclonedx --include-dev-deps --output sbom/sbom.cyclonedx.json .
+
+      - name: Commit and Push Changes
+        run: |
+          git config --global user.name "Gitea Action"
+          git config --global user.email "actions@noreply.quad4.io"
+          git remote set-url origin https://${{ secrets.GITEA_TOKEN }}@git.quad4.io/${{ github.repository }}.git
+          git fetch origin master
+          git checkout master
+          git add sbom/
+          git diff --quiet && git diff --staged --quiet || (git commit -m "Auto-update SBOM [skip ci]" && git push origin master)
+        env:
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+

CHANGELOG.md

@@ -0,0 +1,37 @@
+# Changelog
+
+## 1.4.0 - 2025-12-29
+
+### Major Codebase Changes
+
+- Migrated from `npm` to `pnpm` (v10.25.0)
+- Migrated from `Makefile` to `Taskfile` for all development tasks
+- Updated license from `MIT` to `BSD-3-Clause`
+- Added `license` and `author` fields to `package.json`
+- Moved Dockerfile to `docker/` folder
+- Added Nix flake for development environment
+
+### Features
+
+- Added Task section to README with available tasks
+- Improved README structure
+
+### Security
+
+- Added `eslint-plugin-security` for security linting
+- Updated Docker containers to use specific pnpm version (10.25.0)
+
+### CI/CD Updates
+
+- Updated workflows to use `task` commands
+- Added `setup-task` action to workflows
+- Updated workflows to use full action URLs with commit hashes
+- Updated Docker workflow to reference `docker/Dockerfile`
+- All workflows use pnpm with `--frozen-lockfile`
+
+### Development
+
+- Added `setup` task for enabling corepack
+- Added `install:ci` task for CI dependency installation
+- Updated Taskfile to reference `docker/Dockerfile` for Docker builds
+- Added flake.nix with Task, Node.js 20, and pnpm

LICENSE

@@ -1,22 +1,29 @@
-MIT License
+BSD 3-Clause License
 
 Copyright (c) 2025 Quad4.io
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 

Makefile

@@ -1,44 +0,0 @@
-.PHONY: help install dev build preview check lint format clean docker-build docker-run docker package publish
-
-help:
-	@echo 'Usage: make [target]'
-	@echo ''
-	@echo 'Available targets:'
-	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "  %-15s %s\n", $$1, $$2}' $(MAKEFILE_LIST)
-
-dev:
-	npm install
-	npm run dev
-
-build:
-	npm run build
-
-package:
-	npm run package
-
-publish:
-	npm publish
-
-preview:
-	npm run preview
-
-check:
-	npm run check
-
-lint:
-	npm run lint
-
-format:
-	npm run format
-
-clean:
-	rm -rf .svelte-kit build node_modules/.vite dist package
-
-docker-build:
-	docker build -t surveilled .
-
-docker-run:
-	docker run --rm -p 3000:3000 surveilled
-
-docker: docker-build docker-run
-

README.md

@@ -1,11 +1,11 @@
 # Surveilled
 
-<img src="showcase/surveilled.png" alt="showcase image" width="900">
+A map of cameras in the world using OpenStreetMap overpass data.
+
+<img src="https://git.quad4.io/Quad4-Software/Surveilled/raw/commit/70503fcb56994c4c1bb019dfbcc3b589ebd94039/showcase/surveilled.png" alt="showcase image" width="900">
 
 Check out the live website at [surveilled.quad4.io](https://surveilled.quad4.io)
 
-A map of cameras in the world using OpenStreetMap overpass data.
-
 ## Disclaimer
 
 Data is fetched from OSM Overpass and may not be accurate or up to date as this data is community-sourced.
@@ -16,69 +16,126 @@ Data is fetched from OSM Overpass and may not be accurate or up to date as this
 - Measure distance between two points/cameras
 - Export or copy GeoJSON of cameras in an area
 - Customize Nominatim, Overpass, and Tile endpoints
-- No reliance on external CDNs or Google fonts.
+- No reliance on external CDNs or Google fonts
 - PWA installable
 - Mobile-friendly
 
-## Self-hosting
+## Quick Start
 
-### NPM
-
-coming soon
-
-### Docker
+### Using Docker
 
 ```sh
 docker run -p 3000:3000 git.quad4.io/quad4-software/surveilled:latest
 ```
 
-### Podman
+Then open your browser at `http://localhost:3000`
+
+### Using Podman
 
 ```sh
 podman run -p 3000:3000 git.quad4.io/quad4-software/surveilled:latest
 ```
 
+Then open your browser at `http://localhost:3000`
+
+### Using PNPM
+
+```sh
+pnpm config set @quad4:registry=https://git.quad4.io/api/packages/Quad4-Software/npm/
+pnpm install -g @quad4/surveilled
+surveilled
+```
+
+Or with custom port and host:
+
+```sh
+PORT=8080 HOST=0.0.0.0 surveilled
+```
+
 ## Development
 
+### Prerequisites
+
+- Node.js `>=18.0.0`
+- pnpm `>=10.25.0`
+
+### Setup
+
 ```sh
 git clone https://git.quad4.io/Quad4-Software/Surveilled
 cd Surveilled
+pnpm install
 ```
 
-### NPM
+### Task
 
-```sh
-npm install
-npm run dev
+The project uses [Task](https://taskfile.dev/) for all development tasks.
+
+```
+| Task          | Description                           |
+|---------------|---------------------------------------|
+| default       | Show available tasks                  |
+| dev           | Run development server                |
+| build         | Build the application                 |
+| package       | Package the application               |
+| publish       | Publish to npm registry               |
+| preview       | Preview production build              |
+| check         | Run type checking                     |
+| lint          | Run linter                            |
+| format        | Format code                           |
+| clean         | Clean build artifacts                 |
+| docker-build  | Build Docker image                    |
+| docker-run    | Run Docker container                  |
+| docker        | Build and run Docker container        |
+| podman-build  | Build Podman image                    |
+| podman-run    | Run Podman container                  |
+| podman        | Build and run Podman container        |
+| scan          | Scan container image with trivy       |
+| sbom          | Generate SBOM with trivy              |
+| version:minor | Bump version minor                    |
+| version:major | Bump version major                    |
+| setup         | Setup development environment         |
+| install       | Install dependencies                  |
+| install:ci    | Install dependencies for CI           |
+
+example: task dev
+you might nee to set alias alias task=`go-task`
 ```
 
-### Makefile
-
-```sh
-make dev
-```
-
-#### Check/Lint/Format
-
-```sh
-make check
-make lint
-make format
-```
-
-## Building Docker Image
+## Building Container Image
 
 Uses Chainguard Images which are rootless and very minimal images.
 
+### Using Docker
+
 ```sh
-docker build -t surveilled .
-docker run --rm -p 3000:3000 surveilled
+task docker-build
+task docker-run
+```
+
+Or use the combined task:
+
+```sh
+task docker
+```
+
+### Using Podman
+
+```sh
+task podman-build
+task podman-run
+```
+
+Or use the combined task:
+
+```sh
+task podman
 ```
 
 ## Contributing
 
 Send email to [team@quad4.io](mailto:team@quad4.io) with your feedback or any issues you may have.
 
-## LICENSE
+## License
 
-[MIT](LICENSE)
+[BSD 3-Clause](LICENSE)

Taskfile.yml

@@ -0,0 +1,118 @@
+version: '3'
+
+tasks:
+  default:
+    desc: Show available tasks
+    cmds:
+      - task --list
+
+  dev:
+    desc: Run development server
+    cmds:
+      - pnpm install
+      - pnpm run dev
+
+  build:
+    desc: Build the application
+    cmds:
+      - pnpm run build
+
+  package:
+    desc: Package the application
+    cmds:
+      - pnpm run package
+
+  publish:
+    desc: Publish to npm registry
+    cmds:
+      - pnpm publish --no-git-checks
+
+  preview:
+    desc: Preview production build
+    cmds:
+      - pnpm run preview
+
+  check:
+    desc: Run type checking
+    cmds:
+      - pnpm run check
+
+  lint:
+    desc: Run linter
+    cmds:
+      - pnpm run lint
+
+  format:
+    desc: Format code
+    cmds:
+      - pnpm run format
+
+  clean:
+    desc: Clean build artifacts
+    cmds:
+      - rm -rf .svelte-kit build node_modules/.vite dist package
+
+  docker-build:
+    desc: Build Docker image
+    cmds:
+      - docker build -f docker/Dockerfile -t surveilled .
+
+  docker-run:
+    desc: Run Docker container
+    cmds:
+      - docker run --rm -p 3000:3000 surveilled
+
+  docker:
+    desc: Build and run Docker container
+    deps: [docker-build, docker-run]
+
+  podman-build:
+    desc: Build Podman image
+    cmds:
+      - podman build -f docker/Dockerfile -t surveilled .
+
+  podman-run:
+    desc: Run Podman container
+    cmds:
+      - podman run --rm -p 3000:3000 surveilled
+
+  podman:
+    desc: Build and run Podman container
+    deps: [podman-build, podman-run]
+
+  scan:
+    desc: Scan container image with trivy
+    cmds:
+      - trivy image --scanners vuln surveilled
+
+  sbom:
+    desc: Generate SBOM with trivy
+    cmds:
+      - mkdir -p sbom
+      - trivy fs --format spdx-json --include-dev-deps --output sbom/sbom.spdx.json .
+      - trivy fs --format cyclonedx --include-dev-deps --output sbom/sbom.cyclonedx.json .
+
+  setup:
+    desc: Setup development environment
+    cmds:
+      - corepack enable
+
+  install:
+    desc: Install dependencies
+    cmds:
+      - pnpm install
+
+  install:ci:
+    desc: Install dependencies for CI (frozen lockfile)
+    cmds:
+      - pnpm install --frozen-lockfile
+
+  version:minor:
+    desc: Bump version minor
+    cmds:
+      - pnpm version minor
+
+  version:major:
+    desc: Bump version major
+    cmds:
+      - pnpm version major

bin/surveilled.js

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+
+process.env.HOST = process.env.HOST || '127.0.0.1';
+process.env.PORT = process.env.PORT || '3000';
+
+import '../build/index.js';

docker/Dockerfile

@@ -2,23 +2,29 @@ FROM cgr.dev/chainguard/node:latest-dev AS builder
 
 WORKDIR /app
 
-COPY --chown=node:node package.json package-lock.json ./
-RUN npm ci
+USER root
+RUN corepack enable && corepack prepare pnpm@10.25.0 --activate
+USER node
 
-RUN npm install --save-dev @sveltejs/adapter-node@latest
+COPY --chown=node:node package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+
+RUN pnpm add -D @sveltejs/adapter-node@latest
 
 COPY --chown=node:node . .
 COPY --chown=node:node svelte.config.docker.js svelte.config.js
 
-RUN npm run build
+RUN pnpm run build
+
+RUN rm -rf node_modules && \
+    pnpm install --prod --frozen-lockfile && \
+    pnpm store prune
 
 FROM cgr.dev/chainguard/node:latest AS runtime
 
 WORKDIR /app
 
-COPY --from=builder --chown=node:node /app/package.json /app/package-lock.json ./
-RUN npm install --omit=dev && \
-    npm cache clean --force
+COPY --from=builder --chown=node:node /app/node_modules ./node_modules
 
 COPY --from=builder --chown=node:node /app/build ./build
 COPY --from=builder --chown=node:node /app/package.json ./

eslint.config.js

@@ -3,6 +3,7 @@ import tsPlugin from '@typescript-eslint/eslint-plugin';
 import tsParser from '@typescript-eslint/parser';
 import sveltePlugin from 'eslint-plugin-svelte';
 import svelteParser from 'svelte-eslint-parser';
+import securityPlugin from 'eslint-plugin-security';
 
 export default [
 	js.configs.recommended,
@@ -43,9 +44,11 @@ export default [
 		plugins: {
 			'@typescript-eslint': tsPlugin,
 			svelte: sveltePlugin,
+			security: securityPlugin,
 		},
 		rules: {
 			...tsPlugin.configs.recommended.rules,
+			...securityPlugin.configs.recommended.rules,
 		},
 	},
 	{
@@ -63,6 +66,14 @@ export default [
 			...sveltePlugin.configs.recommended.rules,
 		},
 	},
+	{
+		files: ['bin/**/*.js'],
+		languageOptions: {
+			globals: {
+				process: 'readonly',
+			},
+		},
+	},
 	{
 		ignores: ['node_modules/**', '.svelte-kit/**', 'build/**', 'dist/**', 'archive/**'],
 	},

flake.lock

@@ -0,0 +1,61 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1766902085,
+        "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,57 @@
+{
+  description = "Surveilled development environment";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs {
+          inherit system;
+        };
+
+        task = pkgs.buildGoModule rec {
+          pname = "task";
+          version = "3.46.3";
+
+          src = pkgs.fetchFromGitHub {
+            owner = "go-task";
+            repo = "task";
+            rev = "v${version}";
+            hash = "sha256-1bS8ZZAcemgRG7PTeGTFfd49T9u6U6CxxrbotwCM15A=";
+          };
+
+          vendorHash = "sha256-Tm0tqureCRwcP5KKDTa9TO1yZ3Px3ulf9/jKQDDTjDw=";
+          subPackages = [ "cmd/task" ];
+
+          doCheck = false;
+
+          meta = with pkgs.lib; {
+            description = "A task runner / simpler Make alternative written in Go";
+            homepage = "https://taskfile.dev/";
+            license = licenses.mit;
+            maintainers = with maintainers; [ ];
+          };
+        };
+      in
+      {
+        devShells.default = pkgs.mkShell {
+          buildInputs = with pkgs; [
+            task
+            nodejs_20
+            nodePackages.pnpm
+          ];
+
+          shellHook = ''
+            echo "Surveilled Development Environment"
+            echo "Task version: $(task --version 2>/dev/null || echo 'installed')"
+            echo "Node version: $(node --version)"
+            echo "pnpm version: $(pnpm --version)"
+          '';
+        };
+      });
+}
+

package.json

@@ -1,10 +1,26 @@
 {
 	"name": "@quad4/surveilled",
-	"version": "1.2.0",
+	"version": "1.4.0",
+	"license": "BSD-3-Clause",
+	"author": "Quad4",
 	"type": "module",
+	"main": "./dist/index.js",
+	"types": "./dist/index.d.ts",
+	"bin": {
+		"surveilled": "./bin/surveilled.js"
+	},
+	"engines": {
+		"node": ">=18.0.0"
+	},
+	"packageManager": "pnpm@10.25.0",
 	"publishConfig": {
 		"registry": "https://git.quad4.io/api/packages/quad4-software/npm/"
 	},
+	"pnpm": {
+		"overrides": {
+			"cookie": "1.1.1"
+		}
+	},
 	"exports": {
 		".": {
 			"types": "./dist/index.d.ts",
@@ -13,8 +29,10 @@
 		}
 	},
 	"files": [
-		"dist",
-		"package",
+		"dist/**/*",
+		"build/**/*",
+		"bin/**/*",
+		"package/**/*",
 		"README.md",
 		"LICENSE"
 	],
@@ -23,36 +41,39 @@
 		"build": "VITE_APP_VERSION=$(node -p \"require('./package.json').version\") vite build",
 		"preview": "VITE_APP_VERSION=$(node -p \"require('./package.json').version\") vite preview",
 		"prepare": "svelte-kit sync || echo ''",
+		"start": "HOST=127.0.0.1 PORT=3000 node build",
 		"check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
 		"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
 		"format": "prettier --write .",
 		"lint": "eslint .",
-		"package": "svelte-kit sync && svelte-package"
+		"package": "svelte-kit sync && svelte-package && vite build"
 	},
 	"devDependencies": {
 		"@eslint/js": "^9.39.2",
 		"@sveltejs/adapter-auto": "^7.0.0",
+		"@sveltejs/adapter-node": "^5.4.0",
 		"@sveltejs/kit": "^2.49.1",
 		"@sveltejs/package": "^2.3.9",
 		"@sveltejs/vite-plugin-svelte": "^6.2.1",
 		"@typescript-eslint/eslint-plugin": "^8.50.1",
 		"@typescript-eslint/parser": "^8.50.1",
+		"autoprefixer": "^10.4.23",
 		"eslint": "^9.39.2",
+		"eslint-plugin-security": "^3.0.1",
 		"eslint-plugin-svelte": "^3.13.1",
+		"postcss": "^8.5.6",
 		"prettier": "^3.7.4",
 		"prettier-plugin-svelte": "^3.4.1",
 		"svelte": "^5.45.6",
 		"svelte-check": "^4.3.4",
 		"svelte-eslint-parser": "^1.4.1",
+		"tailwindcss": "^3.4.19",
 		"typescript": "^5.9.3",
 		"vite": "^7.2.6",
 		"vite-plugin-pwa": "^1.2.0"
 	},
 	"dependencies": {
-		"autoprefixer": "^10.4.23",
 		"lucide-svelte": "^0.562.0",
-		"ol": "^10.7.0",
-		"postcss": "^8.5.6",
-		"tailwindcss": "^3.4.19"
+		"ol": "^10.7.0"
 	}
 }

renovate.json

@@ -0,0 +1,3 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+}

scripts/build.sh

@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-echo "Building app..."
-VITE_APP_VERSION=$(node -p "require('./package.json').version") npm run build
-

scripts/check.sh

@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-echo "Running Svelte sync..."
-npx svelte-kit sync
-
-echo "Running svelte-check (fail on errors)..."
-npx svelte-check --tsconfig ./tsconfig.json
-

src/lib/map.ts

@@ -1,3 +1,4 @@
+/* eslint-disable security/detect-object-injection */
 import Map from 'ol/Map.js';
 import View from 'ol/View.js';
 import { fromLonLat, toLonLat, transformExtent } from 'ol/proj.js';

src/routes/+page.svelte

@@ -1,4 +1,5 @@
 <script lang="ts">
+	/* eslint-disable security/detect-object-injection */
 	import { onMount, onDestroy, tick } from 'svelte';
 	import { replaceState } from '$app/navigation';
 	import Map from 'ol/Map.js';
@@ -1599,7 +1600,7 @@
 							rel="noopener noreferrer"
 							class="text-accent-red-light hover:underline">Quad4</a
 						>
-						- Open-Source MIT
+						- Open-Source BSD 3-Clause
 						<a
 							href="https://git.quad4.io/Quad4-Software/Surveilled"
 							target="_blank"

svelte.config.js

@@ -1,4 +1,4 @@
-import adapter from '@sveltejs/adapter-auto';
+import adapter from '@sveltejs/adapter-node';
 import { vitePreprocess } from '@sveltejs/vite-plugin-svelte';
 
 /** @type {import('@sveltejs/kit').Config} */
@@ -8,9 +8,7 @@ const config = {
 	preprocess: vitePreprocess(),
 
 	kit: {
-		// adapter-auto only supports some environments, see https://svelte.dev/docs/kit/adapter-auto for a list.
-		// If your environment is not supported, or you settled on a specific environment, switch out the adapter.
-		// See https://svelte.dev/docs/kit/adapters for more information about adapters.
+		// adapter-node creates a Node.js server
 		adapter: adapter(),
 	},
 };