.dockerignore

+**/node_modules

.eslintignore

 **/_build
 **/node_modules
 **/coverage
-packages/ui/styleguide
+**/dist
+packages/styleguide/styleguide

.eslintrc

@@ -19,12 +19,8 @@
       "enforceForRenamedProperties": false
     }],
     "global-require": 0,
-    "jsx-a11y/anchor-is-valid": 0,
-    "jsx-a11y/click-events-have-key-events": 0,
-    "jsx-a11y/label-has-for": 0,
-    "jsx-a11y/no-static-element-interactions": 0,
     "import/no-dynamic-require": 0,
-    "import/no-extraneous-dependencies": 0,
+    "import/no-extraneous-dependencies": ["error", {"devDependencies": false }],
     "import/no-named-as-default": 0,
     "import/no-named-as-default-member": 0,
     "import/prefer-default-export": 0,
@@ -38,5 +34,11 @@
     "react/prop-types": 0,
     "react/require-default-props": 0,
     "sort-keys": 0
-  }
+  },
+  "overrides": [{
+    "files": ["*_test.js", "*.test.js", "*.test.jsx", "**/test/**/*.js"],
+    "rules": {
+      "import/no-extraneous-dependencies": "off"
+    }
+  }]
 }

.gitignore

-node_modules
-*.log
-
-# Created by https://www.gitignore.io/api/osx,linux
-
-### Linux ###
-*~
-
-# temporary files which can be created if a process still has a handle open of a deleted file
-.fuse_hidden*
-
-# KDE directory preferences
-.directory
-
-# Linux trash folder which might appear on any partition or disk
-.Trash-*
-
-# .nfs files are created when an open file is removed but is still being accessed
-.nfs*
-
-### OSX ###
-*.DS_Store
-.AppleDouble
-.LSOverride
-
-# Icon must end with two \r
-Icon
-
-
-# Thumbnails
-._*
-
-# Files that might appear in the root of a volume
-.DocumentRevisions-V100
-.fseventsd
-.Spotlight-V100
-.TemporaryItems
-.Trashes
-.VolumeIcon.icns
-.com.apple.timemachine.donotpresent
-
-# Directories potentially created on remote AFP share
-.AppleDB
-.AppleDesktop
-Network Trash Folder
-Temporary Items
-.apdisk
-
-# End of https://www.gitignore.io/api/osx,linux
-
-node_modules/
+node_modules
+coverage
+*.log
+coverage/
+uploads/
+dist/
+docs/styleguide
+# Created by https://www.gitignore.io/api/osx,linux
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### OSX ###
+*.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# webpack build
+_build
+.vscode

.gitlab-ci.yml

 variables:
   IMAGE_ORG: pubsweet
   IMAGE_NAME: pubsweet
-  BASE_DOMAIN: gateway.ps.semioticsquares.com
-  CONFIGURATION_REPOSITORY: https://gitlab.coko.foundation/pubsweet/deployment-config.git
+  DOCKER_TLS_CERTDIR: "/certs"
 
 stages:
   - build
   - test
   - review
-  - staging
+  - audit
   - production
-  - demo
 
 build:
-  image: docker:latest
+  image: docker:19.03.1
+  services:
+    - docker:19.03.1-dind
   stage: build
+  except:
+    - tags
   script:
     - docker version
     - docker build -t $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA .
@@ -22,28 +24,89 @@ build:
     - docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_PASSWORD
     - echo "Ignore warning! Cannot perform an interactive login from a non TTY device"
     - docker push $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA
+    # - echo "Building XSweet job runner image"
+    # - docker build -t pubsweet/job-xsweet:$CI_COMMIT_SHA components/server/job-xsweet
+    # - docker push pubsweet/job-xsweet:$CI_COMMIT_SHA
+
+pages:
+  image: $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA
+  stage: production
+  script:
+    - cd ${HOME}
+    - yarn styleguide:build
+    - cp -R docs/styleguide/ /builds/pubsweet/pubsweet/public/
+  artifacts:
+    paths:
+      - public/
+  only:
+    - master # this job will affect only the 'master' branch
+
+pages:review:
+  image: $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA
+  stage: review
+  script:
+    - cd ${HOME}
+    - yarn styleguide:build
+    - cp -R docs/styleguide/ /builds/pubsweet/pubsweet/review/
+  artifacts:
+    paths:
+      - review/
+  except:
+  - master
+  environment:
+    name: review/$CI_COMMIT_REF_NAME
+    url: http://$CI_PROJECT_NAMESPACE.coko.foundation/-/$CI_PROJECT_NAME/-/jobs/$CI_JOB_ID/artifacts/review/index.html
+
+audit:
+  image: $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA
+  stage: audit
+  allow_failure: true
+  except:
+    - tags
+  variables:
+    GIT_STRATEGY: none
+  script:
+    - cd ${HOME}
+    - yarn audit
 
 lint:style:
   image: $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA
   stage: test
+  except:
+    - tags
   variables:
     GIT_STRATEGY: none
   script:
     - cd ${HOME}
-    - npm run lint:style
+    - yarn lint:style
 
 lint:js:
   image: $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA
   stage: test
+  except:
+    - tags
+  variables:
+    GIT_STRATEGY: none
+  script:
+    - cd ${HOME}
+    - yarn lint:js
+
+lint:json:
+  image: $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA
+  stage: test
+  except:
+    - tags
   variables:
     GIT_STRATEGY: none
   script:
     - cd ${HOME}
-    - npm run lint:js
+    - yarn lint:json
 
 lint:commits:
    image: $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA
    stage: test
+   except:
+     - tags
    script:
      - cp -r .git ${HOME}/ && cd ${HOME}
      - yarn commitlint --from=origin/master --to=$CI_COMMIT_SHA
@@ -52,98 +115,45 @@ test:
   image: $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA
   stage: test
   variables:
+    # don't clone repo as image already has it
     GIT_STRATEGY: none
-  script:
-    - cd ${HOME}
-    - NODE_ENV=test npm run test
-
-# if tests pass we will push latest, labelled with current commit hash
-push:latest:
-  image: docker:latest
-  stage: staging
-  script:
-    - if [ -z "$DOCKERHUB_USERNAME" ] || [ -z "$DOCKERHUB_PASSWORD" ]; then echo "Not pushing" && exit 0; fi
-    - docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_PASSWORD
-    - echo "Ignore warning! Cannot perform an interactive login from a non TTY device"
-    - docker build -t $IMAGE_ORG/$IMAGE_NAME:latest --label COMMIT_SHA=$CI_COMMIT_SHA .
-    - docker push $IMAGE_ORG/$IMAGE_NAME:latest
-  only:
-  - master
-
-# -----------------------------------------------
-# ui --------------------------------------------
-# -----------------------------------------------
-
-review:ui:
-  image: pubsweet/deployer:latest
-  stage: review
-  variables:
-    PACKAGE_NAME: ui
-  environment:
-    name: $PACKAGE_NAME/review/$CI_COMMIT_REF_NAME
-    # !! kube-lego will fail if domain > 63 chars
-    url: "http://${CI_ENVIRONMENT_SLUG}.${BASE_DOMAIN}"
-    on_stop: stop_review:ui
-  except:
-  - master
-  script:
-    - source deploy.sh
-    - create_deployment
-
-stop_review:ui:
-  image: pubsweet/deployer:latest
-  stage: review
-  variables:
-    PACKAGE_NAME: ui
-    GIT_STRATEGY: none
-  environment:
-    name: $PACKAGE_NAME/review/$CI_COMMIT_REF_NAME
-    action: stop
-  when: manual
+    # setup data for postgres image
+    POSTGRES_USER: test
+    POSTGRES_PASSWORD: pw
+    # connection details for tests
+    PGUSER: test
+    PGPASSWORD: pw
+    NODE_ENV: test
+  services:
+    - postgres
   except:
-  - master
-  script:
-    - source deploy.sh
-    - delete_deployment
-
-staging:ui:
-  image: pubsweet/deployer:latest
-  stage: staging
-  variables:
-    PACKAGE_NAME: ui
-  environment:
-    name: $PACKAGE_NAME/staging
-    url: "https://${CI_ENVIRONMENT_SLUG}.${BASE_DOMAIN}"
-  only:
-  - master
-  script:
-    - source deploy.sh
-    - create_deployment
-
-production:ui:
-  image: pubsweet/deployer:latest
-  stage: production
-  variables:
-    PACKAGE_NAME: ui
-  environment:
-    name: $PACKAGE_NAME/production
-    url: "https://${CI_ENVIRONMENT_SLUG}.${BASE_DOMAIN}"
-  when: manual
-  only:
-  - master
+    - tags
   script:
-    - source deploy.sh
-    - create_deployment
+    - cd ${HOME}
+    # specify host here else it confuses the linked postgres image
+    - PGHOST=postgres yarn test
 
-demo:ui:
-  image: pubsweet/deployer:latest
-  stage: demo
-  variables:
-    PACKAGE_NAME: ui
-  environment:
-    name: $PACKAGE_NAME/demo
-    url: "https://${CI_ENVIRONMENT_SLUG}.${BASE_DOMAIN}"
-  when: manual
-  script:
-    - source deploy.sh
-    - create_deployment
+# Reenable this once GitLab docker networking is sorted:
+# https://gitlab.com/gitlab-org/gitlab-runner/merge_requests/1041
+# test:job-xsweet:
+#   image: $IMAGE_ORG/$IMAGE_NAME:$CI_COMMIT_SHA
+#   stage: test
+#   variables:
+#     # don't clone repo as image already has it
+#     GIT_STRATEGY: none
+#     # setup data for postgres image
+#     POSTGRES_USER: test
+#     POSTGRES_PASSWORD: pw
+#     # connection details for tests
+#     PGUSER: test
+#     PGPASSWORD: pw
+#     NODE_ENV: test
+#     DATABASE_URL: postgres://test:pw@postgres/test
+#   services:
+#     - postgres
+#     - pubsweet/job-xsweet
+#   except:
+#     - tags
+#   script:
+#     - cd ${HOME}
+#     - PGHOST=postgres cd components/server/job-xsweet && yarn jest --testRegex test/standaloneXsweetTest.js

.gitlab/issue_templates/Bug.md

+**Describe the bug**
+
+...
+
+**Steps To Reproduce**
+
+**Expected behavior**
+
+...
+
+**Screenshots**
+
+If applicable, add screenshots to help explain your problem.
+
+**Device, Operating System and Browser**
+

.gitlab/issue_templates/Feature Request.md

+[Template for request for comments (RFC) on feature proposals]
+
+# RFC: Feature proposal: [Title]
+
+## Context
+
+[Give the necessary context for your proposal. For example, what problem will this feature solve for users? What are the use cases, benefits, and goals?]
+
+## Proposal
+
+[A precise statement of the proposed feature.]
+
+## Design
+
+[Include sketch or wireframes of the UI changes necessary for this feature]
+
+## Implementation (if applicable)
+
+[A description of the steps to implement the feature.]
+
+## Alternative approaches (if applicable)
+
+[Include any alternatives to meet this use case.]
+
+## Open issues (if applicable)
+
+[Links to and a discussion of related issues, if applicable.]

.gitlab/merge_request_templates/Default.md

+#### Background
+
+What does this MR do?
+
+#### Any relevant issue
+
+Please use the phrase 'closes' if it will close an issue.
+
+#### How has this been tested?
+
+**Reviewers** ensure that these test requirements are also reviewed.
+
+Please indicate the need for this change to be tested. If not please justify, if so then at what levels. 
+
+- [ ] Unit / Integration tests
+- [ ] Browser tests
+- [ ] E2E tests
+
+#### Documentation updates
+
+- [ ] New features to document
+- [ ] Updating existing documentation if needed
+

.lintstagedrc

 {
-  "*.{js,jsx}": ["prettier --write", "eslint --fix", "git add"],
-  "*.{css,scss}": ["prettier --write", "stylelint", "git add"],
+  linters: {"*.{js,jsx}": ["prettier --write", "eslint --fix", "git add"],
+  "*.{js, jsx}": ["prettier --write", "stylelint", "git add"],
   "*.{json,md}": ["prettier --write", "git add"]
+  },
+  ignore: ["**/CHANGELOG.md"]
 }

.prettierignore

+package.json
+.config/configstore/update-notifier-npm.json
+coverage/

.stylelintignore

 **/_build
 **/node_modules
 **/coverage
-packages/ui/styleguide
+docs/

.stylelintrc

 {
-  "extends": ["stylelint-config-pubsweet", "stylelint-config-prettier"]
+  "processors": ["stylelint-processor-styled-components"],
+  "extends": ["stylelint-config-recommended", "stylelint-config-styled-components"]
 }

CONTRIBUTING → CONTRIBUTING.md

-CONTRIBUTING
+# CONTRIBUTING
 
-Branches
+PubSweet is both an open source software project (https://gitlab.coko.foundation/pubsweet/pubsweet) and an open community, part of the broader Collaborative Knowledge Foundation (https://coko.foundation/) (Coko) community. We welcome people of all kinds to join the community and contribute with knowledge, skills, expertise. Everyone is welcome in our chat room (https://mattermost.coko.foundation/coko/channels/town-square).
+
+In order to contribute to PubSweet,you're expected to follow a few sensible guidelines.
+
+## Search first, ask questions later
+
+If you want to create a new component or if you've experienced a bug or want to discuss something in the issue trackers, please search before you start developing to find out whether it already exists.
+
+## Discuss your contribution before you build
+
+Please let us know about the contribution you plan to make before you start it. Either comment on a relevant existing issue, or open a new issue if you can't find an existing one. This helps us avoid duplicating effort and to ensure contributions are likely to be accepted. You can also ask in the chat room (https://mattermost.coko.foundation/coko/channels/pubsweet) if you are unsure.
+
+For contributions made as discussions and suggestions, you can at any time open an RFC in our issue tracker and PubSweet community members will be happy to jump into a discussion.
+
+## Branches
 
 We maintain master as the production branch and tag it with release names. If you wish to contribute to PubSweet then you need to make a branch and then issue a pull request following this procedure:
-create a user account on Coko GitLab : http://gitlab.coko.foundation
-Clone master with git clone git@gitlab.coko.foundation:pubsweet/pubsweet.git
-Create a new branch and work off that. Please name the branch which sensibly identifies the feature you are working on. You can push the branch to Coko Gitlab at anytime.
 
-Getting your contributions merged
+1. Create a user account on Coko GitLab : http://gitlab.coko.foundation
+2. Clone master with git clone git@gitlab.coko.foundation:pubsweet/pubsweet.git
+3. Create a new branch and work off that. Please name the branch which sensibly identifies the feature you are working on. You can push the branch to Coko Gitlab at anytime.
+
+## Getting your contributions merged
 
 This is a two part process, first ask for comments, then ask for the changes to be merged.
 Ask for feedback generate a Merge Request (Pull Request) from the GitLab interface but do not assign this request to anyone. You do this from the Gitlab
@@ -18,11 +33,15 @@ We encourage feedback and discussion from as many people as possible on Merge Re
 
 Before merging all PRs must fulfill these three simple rules:
 
-1. Before a PR can be merged, it must pass the tests.
-2. Before a PR can be merged, it shouldn't reduce the test coverage.
-3. Bugfixes go in PRs and a bugfix PR shouldn't be merged without a regression test.
+1.  Before a PR can be merged, it must pass the tests and CI.
+2.  Before a PR can be merged, it shouldn't reduce the test coverage.
+3.  Bugfixes go in PRs and a bugfix PR shouldn't be merged without a regression test.
+
+## Conventional commits
+
+We use conventional commits and verify that commit messages match the pattern, you can read more about it here: https://conventionalcommits.org/ and here: https://github.com/conventional-changelog-archived-repos/conventional-changelog-angular/blob/master/convention.md. You can use `yarn cz` to use a command-line tool that helps you with formatting your commit. We use conventional commits so that we can automatically follow semantic versioning and generate CHANGELOGs across all packages.
 
-Bug reports, feature requests, support questions
+## Bug reports, feature requests, support questions
 
 This is all done through GitLab using their native issue tracker
 Visit the master issue tracker for PubSweet (https://gitlab.coko.foundation/pubsweet/pubsweet/issues)
@@ -31,4 +50,4 @@ Tag the issue with 'support', 'bug', or 'feature' to identify the nature of your
 
 Releases - follow one simple rule:
 
-1. Tests must pass.
+1.  Tests must pass.

Dockerfile

-FROM pubsweet/pubsweet:base
+FROM node:12
 
-COPY package.json yarn.lock ./
-COPY lerna.json .eslintignore .eslintrc .prettierrc .stylelintignore .stylelintrc commitlint.config.js ./
-COPY packages packages
+ENV HOME "/home/pubsweet"
+RUN mkdir -p ${HOME}
+WORKDIR ${HOME}
 
-RUN [ "yarn", "config", "set", "workspaces-experimental", "true" ]
+COPY . .
 
-# We do a development install because react-styleguidist is a dev dependency
+RUN [ "yarn", "config", "set", "workspaces-experimental", "true" ]
 RUN [ "yarn", "install", "--frozen-lockfile" ]
 
 # Remove cache and offline mirror
-RUN [ "yarn", "cache", "clean"]
-RUN [ "rm", "-rf", "/npm-packages-offline-cache"]
+RUN [ "yarn", "cache", "clean" ]
+RUN [ "rm", "-rf", "/npm-packages-offline-cache" ]
 
+RUN [ "yarn", "build" ]
 ENV NODE_ENV "production"
 
-WORKDIR ${HOME}/packages/ui
-RUN [ "npm", "run", "styleguide:build" ]
-# Create file for kubernetes health checks
-RUN touch ./styleguide/health
-
 EXPOSE 3000
 
-WORKDIR ${HOME}
 CMD []

packages/client/LICENSE → LICENSE

-Copyright (c) 2015 Adam Hyde
+Copyright (c) 2018 Adam Hyde
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

MAINTAINERS.md

+PubSweet consists of many software packages maintained by its community. Contributions are welcome from anyone, and discussed with the community as a whole before being accepted.
+
+Additionally, there is a group of people, that can accept merge requests and do releases of PubSweet - we call them... :drum: :drum:... :rocket: **"THE MAINTAINERS"** :rocket:
+
+Here they are in alphabetical order:
+
+- Andrei Cioromila @andrei.cioromila (Thinslices/Hindawi)
+- Audrey Hamelers @audrey (EBI)
+- Yannis Barlas @yannis (Coko)

README.md

 <div width="100%" align="center">
-  <img src="https://gitlab.coko.foundation/pubsweet/pubsweet/raw/master/assets/rgb-medium.jpg" width="300" />
-  <h2>The open toolkit for building publishing workflows</h2>
+  <img src="https://gitlab.coko.foundation/pubsweet/pubsweet/raw/master/assets/logo-pubsweet.png" width="300" />
+  <h2>PubSweet: The open toolkit for building publishing workflows</h2>
 </div>
 
-| ![PubSweet home](https://img.shields.io/badge/PubSweet-home-51c1bc.svg?style=flat&colorA=84509d) [![MIT license](https://img.shields.io/badge/license-MIT-e51879.svg)](https://gitlab.coko.foundation/pubsweet/pubsweet/raw/master/LICENSE) [![mattermost](https://img.shields.io/badge/mattermost_chat-coko%2Fpubsweet-blue.svg)](https://mattermost.coko.foundation/coko/channels/pubsweet) [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg)](http://commitizen.github.io/cz-cli/) |
-| :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
+| [![MIT license](https://img.shields.io/badge/license-MIT-e51879.svg)](https://gitlab.coko.foundation/pubsweet/pubsweet/raw/master/LICENSE) [![mattermost](https://img.shields.io/badge/mattermost_chat-coko%2Fpubsweet-blue.svg)](https://mattermost.coko.foundation/coko/channels/pubsweet) [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg)](http://commitizen.github.io/cz-cli/) |
+| :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
 
 
-# Contents
-
-<!-- TOC depthFrom:1 depthTo:6 withLinks:1 updateOnSave:0 orderedList:0 -->
-
-* [Overview](#overview) - [PubSweet packages](#pubsweet-packages)
-* [Getting started](#getting-started)
-* [Support](#support)
-* [Credits](#credits)
-
-<!-- /TOC -->
-
 # Overview
 
 **PubSweet** allows you to build state-of-the-art publishing platforms.
 
 It's a modular and flexible framework consisting of a **server** and **client** that work together, **components** that can modify or extend the functionality of the server and/or client, and a **command-line tool** that helps manage PubSweet apps.
 
-## PubSweet packages (managed with Lerna)
-
-| package                                                                                                                                                                                                              | description                                                           |
-| :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------- |
-| [![pubsweet-server](https://img.shields.io/badge/PubSweet-server-51c1bc.svg?style=flat&colorA=84509d) pubsweet-server](https://gitlab.coko.foundation/pubsweet/pubsweet/tree/master/packages/server)                 | an extensible RESTful API that runs on the server                     |
-| [![pubsweet-client](https://img.shields.io/badge/PubSweet-client-51c1bc.svg?style=flat&colorA=84509d) pubsweet-client](https://gitlab.coko.foundation/pubsweet/pubsweet/tree/master/packages/client)                 | an extensible frontend app that runs in the browser                   |
-| [![pubsweet-components](https://img.shields.io/badge/PubSweet-components-51c1bc.svg?style=flat&colorA=84509d) pubsweet-components](https://gitlab.coko.foundation/pubsweet/pubsweet/tree/master/packages/components) | components for server and/or client                                   |
-| [![pubsweet-cli](https://img.shields.io/badge/PubSweet-CLI-51c1bc.svg?style=flat&colorA=84509d) pubsweet cli](https://gitlab.coko.foundation/pubsweet/pubsweet/tree/master/packages/cli)                             | a suite of command-line tools for building and managing your platform |
-| [pubsweet-theme-plugin](https://gitlab.coko.foundation/pubsweet/pubsweet/tree/master/packages/theme-plugin)                                                                                                          | webpack plugin for theme support in PubSweet                          |
-| [@pubsweet/logger](https://gitlab.coko.foundation/pubsweet/pubsweet/tree/master/packages/logger)                                                                                                                     | logging utility                                                       |
-| [@pubsweet/db-manager](https://gitlab.coko.foundation/pubsweet/pubsweet/tree/master/packages/db-manager)                                                                                                             | utility for managing PubSweet databases                               |
-
-# Getting started
+# Documentation
 
-The entry-point into PubSweet is the `pubsweet` command-line tool: [pubsweet-cli](https://gitlab.coko.foundation/pubsweet/pubsweet/tree/master/packages/cli).
+The [PubSweet website](http://pubsweet.coko.foundation) contains all of the documentation for the PubSweet framework. Please submit an issue or MR if you find a piece of information is missing!
 
 # Support
 
-* **If you have a general query about PubSweet**, or want to discuss anything with us, come and [chat to us in our Mattermost channel](https://mattermost.coko.foundation/coko/channels/pubsweet).
+- **If you have a general query about PubSweet**, or want to discuss anything with us, come and [chat to us in our Mattermost channel](https://mattermost.coko.foundation/coko/channels/pubsweet).
 
-* **Bug reports and feature requests** belong in the issues of this monorepo.
+- **Bug reports and feature requests** belong in the issues of this monorepo.
 
 # Projects using PubSweet
 
-* [Editoria](https://gitlab.coko.foundation/editoria/editoria) - a book production platform built for University of California Press
-* [Xpub](https://gitlab.coko.foundation/xpub/xpub) - a journal publishing platform
+- [Editoria](https://gitlab.coko.foundation/editoria/editoria) - a book production platform built for University of California Press
+- [elife-xpub](https://github.com/elifesciences/elife-xpub/) - A journal publishing platform in collaboration with eLife
+- [xpub-review](https://gitlab.com/hindawi/xpub/xpub-review) - A journal publishing platform in collaboration with Hindawi
+- [Micropubs](https://gitlab.coko.foundation/micropubs/wormbase) - A micropublications platform in collaboration with Wormbase
+- [Xpub](https://gitlab.coko.foundation/xpub/xpub) - Collabra, a journal publishing platform
 
 # Credits
 
 PubSweet is part of the [Collaborative Knowledge Foundation](https://coko.foundation) family.
 
-<a href="https://coko.foundation"><img src="https://gitlab.coko.foundation/pubsweet/pubsweet/raw/master/assets/COKO_logo.jpg" width="300" /></a>
+<a href="https://coko.foundation"><img src="https://gitlab.coko.foundation/pubsweet/pubsweet/raw/master/assets/COKO_logo.png" width="300" /></a>

Security.md

+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for PubSweet.
+
+  * [Reporting a Bug](#reporting-a-bug)
+  * [Disclosure Policy](#disclosure-policy)
+  * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Bug
+
+We take all security bugs in PubSweet seriously and we thank you for improving its security. 
+We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the lead developer, Jure Triglav, at jure (at) coko.foundation.
+
+The lead developer will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the security team will
+try to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+
+You can also report a vulnerability through [npm](https://www.npmjs.com/policies/security#reporting-security-problems-to-npm), with the option of submitting a vulnerability directly for a specific package, e.g. [`pubsweet`](https://www.npmjs.com/advisories/report?package=pubsweet).
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will coordinate the fix and release process,
+involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance. These fixes will be
+    released as fast as possible to npm.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+merge request.
\ No newline at end of file