metamask-integration/chain138-snap/NEXT_STEPS.md

Chain 138 Snap — Next steps

Completed

• GitHub repo: https://github.com/bis-innovations/chain138-snap (pushed; includes CodeQL workflow, npm README, publish script)
• npm: chain138-snap@0.1.2 published; Snap ID: npm:chain138-snap
• CodeQL: .github/workflows/codeql.yml added; Security → Code scanning will run on push/PR and weekly
• Docs: README on npm, INTEGRATORS.md, PUSH_AND_PUBLISH.md, ALLOWLIST_FORM_FIELDS.md, ALLOWLIST_SOURCE_AND_COMPLIANCE_CHECKLIST.md
• Documentation and FAQs: All Snap-specific docs and FAQs live in this repo. See docs/README.md for the index. Includes: CONTRIBUTING, FAQ, DEPLOY_COMPANION_SITE, RUNBOOK. Proxmox and other proprietary/internal references have been removed from docs and scripts.

Remaining (manual)

1. Submit for allowlist Done — Submitted to MetaMask Snaps Directory; pending review/approval. After allowlisting, the Snap will be installable in standard MetaMask (non-Flask).

2. Dependabot alerts Addressed — Added pnpm overrides and Yarn resolutions for vulnerable transitive deps (cookie, glob, sharp, socket.io, ws, path-to-regexp). Bumped sharp override to ^0.34.5. Snap tests fixed with @types/jest. Re-run Dependabot/audit after pushing; merge any new Dependabot PRs for remaining bumps.

3. Future releases
   Bump version in packages/snap/package.json, then from this repo root run pnpm run publish:snap. Push to GitHub. If this repo is used as a subtree elsewhere, use your usual subtree push (e.g. git subtree push --prefix=chain138-snap chain138-snap main or split + force push if the remote has diverged).