docs: add community health files

- CONTRIBUTING.md with development setup and guidelines
- CODE_OF_CONDUCT.md (Contributor Covenant v2)
- SECURITY.md with vulnerability disclosure process

Author: swernerx

CODE_OF_CONDUCT.md

@@ -0,0 +1,77 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[s.werner@sebastian-software.de](mailto:s.werner@sebastian-software.de).
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+[homepage]: https://www.contributor-covenant.org
+

CONTRIBUTING.md

@@ -0,0 +1,187 @@
+# Contributing to eslint-plugin-lingui-typescript
+
+First off, thanks for taking the time to contribute! 🎉
+
+## Development Setup
+
+### Prerequisites
+
+- Node.js ≥ 24
+- npm
+
+### Getting Started
+
+```bash
+# Clone the repository
+git clone https://github.com/sebastian-software/eslint-plugin-lingui-typescript.git
+cd eslint-plugin-lingui-typescript
+
+# Install dependencies
+npm install
+
+# Run tests
+npm test
+
+# Run linting
+npm run lint
+
+# Type check
+npm run typecheck
+```
+
+## Project Structure
+
+```
+src/
+├── index.ts              # Plugin entry point
+├── rules/                # ESLint rule implementations
+│   ├── rule-name.ts      # Rule implementation
+│   └── rule-name.test.ts # Rule tests (co-located)
+└── utils/                # Shared utilities
+    └── create-rule.ts    # Rule factory helper
+```
+
+## Adding a New Rule
+
+1. Create the rule file: `src/rules/my-new-rule.ts`
+2. Create the test file: `src/rules/my-new-rule.test.ts`
+3. Export the rule from `src/index.ts`
+4. Add documentation: `docs/rules/my-new-rule.md`
+5. Update `README.md` with the new rule
+
+### Rule Template
+
+```typescript
+import { createRule } from "../utils/create-rule.js"
+
+type MessageId = "myMessageId"
+
+export const myNewRule = createRule<[], MessageId>({
+  name: "my-new-rule",
+  meta: {
+    type: "suggestion",
+    docs: {
+      description: "Description of what the rule does"
+    },
+    messages: {
+      myMessageId: "Error message shown to users"
+    },
+    schema: []
+  },
+  defaultOptions: [],
+  create(context) {
+    return {
+      // AST visitor methods
+    }
+  }
+})
+```
+
+## Code Style
+
+- **TypeScript**: All code must be written in TypeScript
+- **Prettier**: Code is auto-formatted with Prettier
+- **ESLint**: Follow the project's ESLint configuration
+- **No semicolons**: We use ASI (automatic semicolon insertion)
+- **Double quotes**: Use double quotes for strings
+
+The pre-commit hook will automatically format and lint your code.
+
+## Commit Messages
+
+We use [Conventional Commits](https://www.conventionalcommits.org/):
+
+```
+feat(rule-name): add new feature
+fix(rule-name): fix bug description
+docs: update documentation
+refactor: improve code structure
+test: add missing tests
+chore: update dependencies
+```
+
+## Testing
+
+```bash
+# Run all tests
+npm test
+
+# Run tests in watch mode
+npm run test:watch
+
+# Run a specific test file
+npm test -- src/rules/my-rule.test.ts
+```
+
+### Writing Tests
+
+Tests use `@typescript-eslint/rule-tester` with Vitest:
+
+```typescript
+import { RuleTester } from "@typescript-eslint/rule-tester"
+import { afterAll, describe, it } from "vitest"
+import { myRule } from "./my-rule.js"
+
+RuleTester.afterAll = afterAll
+RuleTester.describe = describe
+RuleTester.it = it
+
+const ruleTester = new RuleTester({
+  languageOptions: {
+    parserOptions: {
+      projectService: {
+        allowDefaultProject: ["*.ts", "*.tsx"]
+      },
+      tsconfigRootDir: import.meta.dirname
+    }
+  }
+})
+
+ruleTester.run("my-rule", myRule, {
+  valid: [
+    // Valid code examples
+  ],
+  invalid: [
+    // Invalid code examples with expected errors
+  ]
+})
+```
+
+## Pull Request Process
+
+1. Fork the repository and create your branch from `main`
+2. Make your changes and add tests
+3. Ensure all tests pass: `npm test`
+4. Ensure linting passes: `npm run lint`
+5. Ensure type checking passes: `npm run typecheck`
+6. Update documentation if needed
+7. Submit a pull request
+
+### PR Checklist
+
+- [ ] Tests added/updated
+- [ ] Documentation updated
+- [ ] Commit messages follow conventional commits
+- [ ] All CI checks pass
+
+## Releasing
+
+Releases are handled by maintainers using `release-it`:
+
+```bash
+npm run release
+```
+
+This will:
+1. Run all checks (lint, typecheck, test)
+2. Bump the version based on conventional commits
+3. Update the CHANGELOG
+4. Create a git tag
+5. Push to GitHub
+6. Create a GitHub Release
+7. Publish to npm
+
+## Questions?
+
+Feel free to open an issue if you have questions or need help!
+

SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x     | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, please report it responsibly.
+
+**Do NOT open a public GitHub issue for security vulnerabilities.**
+
+Instead, please email us at: [s.werner@sebastian-software.de](mailto:s.werner@sebastian-software.de)
+
+Please include:
+
+- A description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact
+- Any suggested fixes (if you have them)
+
+## Response Timeline
+
+- We will acknowledge receipt of your report within 48 hours
+- We will provide an initial assessment within 7 days
+- We will work with you to understand and resolve the issue
+- Once fixed, we will publicly acknowledge your contribution (unless you prefer to remain anonymous)
+
+## Scope
+
+This security policy applies to the `eslint-plugin-lingui-typescript` npm package and its source code repository.
+
+Since this is an ESLint plugin that only runs during development/linting (not in production), the attack surface is limited. However, we still take security seriously and appreciate responsible disclosure.
+
+## Best Practices for Users
+
+- Keep your dependencies up to date
+- Use `npm audit` regularly
+- Pin dependencies in production environments
+