refactor: swap fetch to axios for security

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,70 @@
+name: Bug report
+description: Create a report to help us improve
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is.
+      placeholder: Tell us what you see!
+    validations:
+      required: true
+  - type: textarea
+    id: repro-steps
+    attributes:
+      label: To Reproduce
+      description: Steps to reproduce the behavior
+      placeholder: |
+        1. Fetch a '...'
+        2. Update the '....'
+        3. See error
+    validations:
+      required: true
+  - type: textarea
+    id: expected-behavior
+    attributes:
+      label: Expected behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: code-snippets
+    attributes:
+      label: Code snippets
+      description: If applicable, add code snippets to help explain your problem.
+      render: JavaScript
+    validations:
+      required: false
+  - type: input
+    id: os
+    attributes:
+      label: OS
+      placeholder: macOS
+    validations:
+      required: true
+  - type: input
+    id: language-version
+    attributes:
+      label: Node version
+      placeholder: Node v16.14.2
+    validations:
+      required: true
+  - type: input
+    id: lib-version
+    attributes:
+      label: Library version
+      placeholder: stripe-node v8.218.0
+    validations:
+      required: true
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional context
+      description: Add any other context about the problem here.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,12 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security Issues
+    url: https://github.com/spencerlepine/printify-sdk-js/discussions
+    about: |
+      If you identify a security issue in the SDK itself, please contact us immediately at [spencer.sayhello@gmail.com](mailto:spencer.sayhello@gmail.com).
+      We encourage responsible disclosure and appreciate your assistance in maintaining the security of this project.
+
+  - name: Printify Issues
+    url: https://printify.com/contacts/
+    about: |
+      If your concern involves more serious issues or is directly related to the Printify platform, please reach out to the Printify team via their contact page: [Printify Contacts](https://printify.com/contacts/).

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,28 @@
+name: Feature request
+description: Suggest an idea for this library
+labels: ["feature-request"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this feature request!
+  - type: textarea
+    id: problem
+    attributes:
+      label: Is your feature request related to a problem? Please describe.
+      description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+  - type: textarea
+    id: solution
+    attributes:
+      label: Describe the solution you'd like
+      description: A clear and concise description of what you want to happen.
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Describe alternatives you've considered
+      description: A clear and concise description of any alternative solutions or features you've considered.
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional context
+      description: Add any other context about the feature request here.

.github/dependabot.yml

@@ -1,9 +1,7 @@
 version: 2
 updates:
   - package-ecosystem: "npm"
-    directory: "/" # Location of your package.json
+    directory: "/"
     schedule:
-      interval: "weekly" # Check for updates weekly; you can also use "daily" or "monthly"
-    ignore:
-      - dependency-name: "typescript"
-        versions: ["< 5.5.3"] # Ignore versions lower than the current version of TypeScript
+      interval: "weekly"
+    open-pull-requests-limit: 0 # only accept security (CVE) updates 

.github/workflows/npm-publish.yml

@@ -1,9 +1,10 @@
 name: NPM Publish
 
-# Workflow to automate NPM publishing,
-#  - Uses the NPM_TOKEN GitHub secret
-#  - Triggered when a repository 'release' is created
-#  - Runs a dry-run publish, then production publish once the admin approves
+# Workflow: Automated NPM release on GitHub release creation
+# 
+# Prerequisites:
+# - `NPM_TOKEN` with `automation` permissions (generate at [npmjs.org](https://docs.npmjs.com/creating-and-viewing-access-tokens))
+# - `NPM_TOKEN` added to GitHub Repository Secrets
 
 on:
   workflow_dispatch:

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.0] - 2024-11-08
+
+- Replaced `fetch` with `axios` for improved security
+- Applied minor internal refactors for better maintainability
+
 ## [1.0.2] - 2024-10-24
 
 Improved error log for easier debugging

README.md

@@ -31,8 +31,15 @@ pnpm add printify-sdk-js
 > ⚠️ For security purposes, this is intended only for server-side use, the API does not support CORS and will not process requests from a frontend application
 
 ```sh
-$ curl -X GET <https://api.printify.com/v1/shops.json> --header "Authorization: Bearer $PRINTIFY_API_TOKEN"`
-# ref: https://developers.printify.com/#create-a-personal-access-token
+# generate a token: https://printify.com/app/account/api
+export PRINTIFY_API_TOKEN="asdfASDFasdfASDFasdfASDF"
+
+# fetch your shopId
+curl -X GET https://api.printify.com/v1/shops.json --header "Authorization: Bearer $PRINTIFY_API_TOKEN"
+# Expected response: [{"id":1234567,"title":"My Store Name","sales_channel":"custom_integration"}]
+
+# store for process.env.PRINTIFY_API_TOKEN
+echo "PRINTIFY_API_TOKEN=\"$PRINTIFY_API_TOKEN\"" >> .env
 ```
 
 ```js
@@ -42,19 +49,47 @@ import Printify from 'printify-sdk-js';
 const printify = new Printify({
   shopId: '123456', // global query by shop_id
   accessToken: process.env.PRINTIFY_API_TOKEN,
+  enableLogging: true, // on by default
 });
 
-(async () => {
-  const data = {
-    /* ... */
-  };
-  try {
-    const result = await printify.orders.submit(data);
-    console.log(result); // { "id": "5a96f649b2439217d070f507" }
-  } catch (error) {
-    console.error('Error submitting order:', error);
-  }
-})();
+const orderData = {
+  label: order_123456,
+  line_items: [
+    {
+      print_provider_id: '12345',
+      blueprint_id: '67890',
+      variant_id: '112233',
+      print_areas: {
+        front: 'https://example.com/path/to/sticker.png', // **must be public
+      },
+      quantity: 1,
+    },
+    // ...
+  ],
+  shipping_method: 1,
+  is_printify_express: false,
+  is_economy_shipping: false,
+  send_shipping_notification: true, // send email
+  address_to: {
+    first_name: 'John',
+    last_name: 'Doe',
+    email: 'johndoe@gmail.com',
+    phone: '0574 69 21 90',
+    country: 'US',
+    region: 'NY',
+    address1: '123 Main Street',
+    address2: '',
+    city: 'New York',
+    zip: '10001',
+  },
+};
+
+try {
+  const result = await printify.orders.submit(orderData);
+  console.log(result); // { "id": "5a96f649b2439217d070f507" }
+} catch (error) {
+  console.error('Error submitting order:', error);
+}
 ```
 
 ## API

docs/API.md

@@ -8,7 +8,15 @@ The Printify SDK for Node.js. A basic TypeScript wrapper for the Printify REST A
 ## Usage
 
 ```sh
-$ curl -X GET <https://api.printify.com/v1/shops.json> --header "Authorization: Bearer $PRINTIFY_API_TOKEN"`
+# generate a token: https://printify.com/app/account/api
+export PRINTIFY_API_TOKEN="asdfASDFasdfASDFasdfASDF"
+
+# fetch your shopId
+curl -X GET https://api.printify.com/v1/shops.json --header "Authorization: Bearer $PRINTIFY_API_TOKEN"
+# Expected response: [{"id":1234567,"title":"My Store Name","sales_channel":"custom_integration"}]
+
+# store for process.env.PRINTIFY_API_TOKEN
+echo "PRINTIFY_API_TOKEN=\"$PRINTIFY_API_TOKEN\"" >> .env
 ```
 
 ```js
@@ -18,16 +26,47 @@ import Printify from 'printify-sdk-js';
 const printify = new Printify({
   shopId: '123456', // global query by shop_id
   accessToken: process.env.PRINTIFY_API_TOKEN,
+  enableLogging: true, // on by default
 });
 
-(async () => {
-  const data = {
-    /* ... */
-  };
-  const result = await printify.orders.submit(data);
+const orderData = {
+  label: 'order_123456',
+  line_items: [
+    {
+      print_provider_id: '12345',
+      blueprint_id: '67890',
+      variant_id: '112233',
+      print_areas: {
+        front: 'https://example.com/path/to/sticker.png', // **must be public
+      },
+      quantity: 1,
+    },
+    // ...
+  ],
+  shipping_method: 1,
+  is_printify_express: false,
+  is_economy_shipping: false,
+  send_shipping_notification: true, // send email
+  address_to: {
+    first_name: 'John',
+    last_name: 'Doe',
+    email: 'johndoe@gmail.com',
+    phone: '0574 69 21 90',
+    country: 'US',
+    region: 'NY',
+    address1: '123 Main Street',
+    address2: '',
+    city: 'New York',
+    zip: '10001',
+  },
+};
 
+try {
+  const result = await printify.orders.submit(orderData);
   console.log(result); // { "id": "5a96f649b2439217d070f507" }
-})();
+} catch (error) {
+  console.error('Error submitting order:', error);
+}
 ```
 
 ## API