No commit message

README.md

@@ -16,9 +16,12 @@ _This plugin requires a Rust version of at least **1.77.2**_
 
 There are three general methods of installation that we can recommend.
 
-1. Use crates.io and npm (easiest, and requires you to trust that our publishing pipeline worked)
-2. Pull sources directly from Github using git tags / revision hashes (most secure)
-3. Git submodule install this repo in your tauri project and then use file protocol to ingest the source (most secure, but inconvenient to use)
+1. Use crates.io and npm (easiest, and requires you to trust that our publishing
+   pipeline worked)
+2. Pull sources directly from Github using git tags / revision hashes (most
+   secure)
+3. Git submodule install this repo in your tauri project and then use file
+   protocol to ingest the source (most secure, but inconvenient to use)
 
 Install the Core plugin by adding the following to your `Cargo.toml` file:
 
@@ -31,9 +34,12 @@ tauri-plugin-fs = "2.0.0"
 tauri-plugin-fs = { git = "https://github.com/tauri-apps/plugins-workspace", branch = "v2" }
 ```
 
-You can install the JavaScript Guest bindings using your preferred JavaScript package manager:
+You can install the JavaScript Guest bindings using your preferred JavaScript
+package manager:
 
-> Note: Since most JavaScript package managers are unable to install packages from git monorepos we provide read-only mirrors of each plugin. This makes installation option 2 more ergonomic to use.
+> Note: Since most JavaScript package managers are unable to install packages
+> from git monorepos we provide read-only mirrors of each plugin. This makes
+> installation option 2 more ergonomic to use.
 
 ```sh
 pnpm add @tauri-apps/plugin-fs
@@ -65,17 +71,19 @@ fn main() {
 }
 ```
 
-Afterwards all the plugin's APIs are available through the JavaScript guest bindings:
+Afterwards all the plugin's APIs are available through the JavaScript guest
+bindings:
 
 ```javascript
-import { metadata } from '@tauri-apps/plugin-fs'
+import { metadata } from "@tauri-apps/plugin-fs";
 
-await metadata('/path/to/file')
+await metadata("/path/to/file");
 ```
 
 ## Contributing
 
-PRs accepted. Please make sure to read the Contributing Guide before making a pull request.
+PRs accepted. Please make sure to read the Contributing Guide before making a
+pull request.
 
 ## Partners
 
@@ -91,7 +99,9 @@ PRs accepted. Please make sure to read the Contributing Guide before making a pu
   </tbody>
 </table>
 
-For the complete list of sponsors please visit our [website](https://tauri.app#sponsors) and [Open Collective](https://opencollective.com/tauri).
+For the complete list of sponsors please visit our
+[website](https://tauri.app#sponsors) and
+[Open Collective](https://opencollective.com/tauri).
 
 ## License
 

SECURITY.md

@@ -2,48 +2,59 @@
 
 **Do not report security vulnerabilities through public GitHub issues.**
 
-**Please use the [Private Vulnerability Disclosure](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) feature of GitHub.**
+**Please use the
+[Private Vulnerability Disclosure](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability)
+feature of GitHub.**
 
 Include as much of the following information:
 
-- Type of issue (e.g. improper input parsing, privilege escalation, etc.)
-- The location of the affected source code (tag/branch/commit or direct URL)
-- Any special configuration required to reproduce the issue
-- The distribution affected or used to help us with reproduction of the issue
-- Step-by-step instructions to reproduce the issue
-- Ideally a reproduction repository
-- Impact of the issue, including how an attacker might exploit the issue
+-   Type of issue (e.g. improper input parsing, privilege escalation, etc.)
+-   The location of the affected source code (tag/branch/commit or direct URL)
+-   Any special configuration required to reproduce the issue
+-   The distribution affected or used to help us with reproduction of the issue
+-   Step-by-step instructions to reproduce the issue
+-   Ideally a reproduction repository
+-   Impact of the issue, including how an attacker might exploit the issue
 
 We prefer to receive reports in English.
 
 ## Contact
 
-Please disclose a vulnerability or security relevant issue here: [https://github.com/tauri-apps/plugins-workspace/security/advisories/new](https://github.com/tauri-apps/plugins-workspace/security/advisories/new).
+Please disclose a vulnerability or security relevant issue here:
+[https://github.com/tauri-apps/plugins-workspace/security/advisories/new](https://github.com/tauri-apps/plugins-workspace/security/advisories/new).
 
-Alternatively, you can also contact us by email via [[email protected]](mailto:[email protected]).
+Alternatively, you can also contact us by email via
+[[email protected]](mailto:[email protected]).
 
 ## Threat Model
 
-This plugin possibly allows access to the full filesystem available to the application process.
-Depending on the operating system the access is already confined (android/ios) to only certain locations.
-In other operating systems like Linux/MacOS/Windows it depends on the installation and packaging method but in most cases full
-access is granted.
+This plugin possibly allows access to the full filesystem available to the
+application process. Depending on the operating system the access is already
+confined (android/ios) to only certain locations. In other operating systems
+like Linux/MacOS/Windows it depends on the installation and packaging method but
+in most cases full access is granted.
 
-To prevent exposure of sensitive locations and data this plugin can be scoped to only allow certain base directories
-or only access to specific files or subdirectories.
-This scoping effectively affects only calls made from the webviews/frontend code and calls made from rust can always circumvent
-the restrictions imposed by the scope.
+To prevent exposure of sensitive locations and data this plugin can be scoped to
+only allow certain base directories or only access to specific files or
+subdirectories. This scoping effectively affects only calls made from the
+webviews/frontend code and calls made from rust can always circumvent the
+restrictions imposed by the scope.
 
-The scope is defined at compile time in the used permissions but the user or application developer can grant or revoke access to specific files or folders at runtime by modifying the scope state through the runtime authority, if configured during plugin initialization.
+The scope is defined at compile time in the used permissions but the user or
+application developer can grant or revoke access to specific files or folders at
+runtime by modifying the scope state through the runtime authority, if
+configured during plugin initialization.
 
 ### Security Assumptions
 
-- The filesystem access is limited by user permissions
-- The operating system filesystem access confinment works as documented
-- The scoping mechanism of the Tauri `fs` commands work as intended and has no bypasses
-- The user or application developer can grant or revoke access to specific files at runtime by modifying the scope
+-   The filesystem access is limited by user permissions
+-   The operating system filesystem access confinment works as documented
+-   The scoping mechanism of the Tauri `fs` commands work as intended and has no
+    bypasses
+-   The user or application developer can grant or revoke access to specific
+    files at runtime by modifying the scope
 
 #### Out Of Scope
 
-- Exploits in underlying filesystems
-- Exploits in the underlying rust `std::fs` library
+-   Exploits in underlying filesystems
+-   Exploits in the underlying rust `std::fs` library