Fix: fixed typos and inaccuracies

README.md

@@ -60,19 +60,19 @@ See also: [Code guidelines](doc/code-guidelines.md)
 
 ### Releases
 
-The repository has several CI workflows that automatically release new versions of the various components when a new Github release is published.
+The repository has several CI workflows that automatically release new versions of the various components when a new GitHub release is published.
 Each component's workflow uses a specific tag format including the component name and version number (e.g., Fortuna uses the tag `fortuna-vX.Y.Z`).
 The general process for creating a new release is:
 
 1. Update the version number of the component in the repo, e.g., in `package.json` or `Cargo.toml` or wherever. Please follow [Semantic Versioning](https://semver.org/) for package versions.
 2. Submit a PR with the changes and merge them in to main.
-3. Create a new release on github. Configure the release to create a new tag when published. Set the tag name and version for the component you wish to release -- see the [Releases](https://github.com/pyth-network/pyth-crosschain/releases) page to identify the relevant tag.
-4. Publish the release. This step will automatically trigger a Github Action to build the package and release it. This step will e.g., publish packages to NPM, or build and push docker images.
-   - Note that when publishing a public package, you should prune the auto-generated Github release notes to only include changes relevant to the release. Otherwise, the changelog will include commits from unrelated projects in the monorepo since the previous release.
+3. Create a new release on GitHub. Configure the release to create a new tag when published. Set the tag name and version for the component you wish to release -- see the [Releases](https://github.com/pyth-network/pyth-crosschain/releases) page to identify the relevant tag.
+4. Publish the release. This step will automatically trigger a GitHub Action to build the package and release it. This step will e.g., publish packages to NPM, or build and push docker images.
+   - Note that when publishing a public package, you should prune the auto-generated GitHub release notes to only include changes relevant to the release. Otherwise, the changelog will include commits from unrelated projects in the monorepo since the previous release.
 
-Note that all javascript packages are released together using a tag of the form `pyth-js-v<number>`. (The `number` is arbitrary.)
-If you have a javascript package that shouldn't be published, simply add `"private": "true"` to the `package.json` file
-and it will be excluded from the publishing workflow. If you are creating a new public javascript package, you should add
+Note that all JavaScript packages are released together using a tag of the form `pyth-js-v<number>`. (The `number` is arbitrary.)
+If you have a JavaScript package that shouldn't be published, simply add `"private": "true"` to the `package.json` file
+and it will be excluded from the publishing workflow. If you are creating a new public JavaScript package, you should add
 the following config option to `package.json`:
 
 ```
@@ -83,7 +83,7 @@ the following config option to `package.json`:
 
 ### Typescript Monorepo
 
-All of the typescript / javascript packages in this repository are part of a
+All of the typescript / JavaScript packages in this repository are part of a
 [turborepo](https://turbo.build/repo/docs) monorepo.
 
 #### Setting up
@@ -123,7 +123,7 @@ after `--`, for instance you could run `pnpm test -- --concurrency 2`.
 
 New packages should be configured with a few requirements in mind:
 
-1. You need to make sure `package.json` scripts are named such that that
+1. You need to make sure `package.json` scripts are named such that
    turborepo will hook into them at the expected times.
 
    - See [turbo.json](./turbo.json) to see the base configuration and ensure you
@@ -148,18 +148,18 @@ New packages should be configured with a few requirements in mind:
 
 3. If you are writing a package that will be published:
 
-   - Make sure you are dual-exporting cjs and esm correctly, see [how the lazer
+   - Make sure you are dual-exporting CJS and ESM correctly, see [how the lazer
      sdk package builds](./lazer/sdk/js/package.json) (in particular look at the
      `build:cjs` and `build:esm` tasks) for an example for how to do this
 
    - Ensure you have properly configured [subpath
      exports](https://nodejs.org/api/packages.html#subpath-exports) to reference
-     the esm and cjs outputs so that your package can be consumed correctly in
+     the ESM and CJS outputs so that your package can be consumed correctly in
      both environments. Again, see [the lazer sdk](./lazer/sdk/js/package.json)
      as an example for doing this correctly.
 
    - Ensure you have set a `main` and `types` property on your `package.json`
-     pointing to your cjs entrypoint for use in older javascript environments.
+     pointing to your CJS entrypoint for use in older JavaScript environments.
 
    - Ensure you configure the `files` property on your `package.json` to include
      all output files and to exclude source files & tooling configuration. This

SECURITY.md

@@ -2,7 +2,7 @@
 
 ## Bug Bounty Program
 
-Pyth operates a self hosted [bug bounty program](https://pyth.network/bounty) to financially incentivize independent researchers (with up to $500,000 USDC) for finding and responsibly disclosing security issues.
+Pyth operates a self-hosted [bug bounty program](https://pyth.network/bounty) to financially incentivize independent researchers (with up to $500,000 USDC) for finding and responsibly disclosing security issues.
 
 - **Scopes**
   - [Pyth Oracle](https://github.com/pyth-network/pyth-client/tree/main/program)
@@ -25,12 +25,12 @@ We engage 3rd party firms to conduct independent security audits of Pyth. At any
 As these 3rd party audits are completed and issues are sufficiently addressed, we make those audit reports public.
 
 - **[April 27, 2022 - Zellic](https://github.com/pyth-network/audit-reports/blob/main/2022_04_27/pyth2wormhole_zellic.pdf)**
-  - **Scope**: _pyth-crosschain (formerly known as pyth2wormhole))_
+  - **Scope**: _pyth-crosschain (formerly known as pyth2wormhole)_
 - **[October 10, 2022 - OtterSec](https://github.com/pyth-network/audit-reports/blob/main/2022_10_10/pyth_aptos.pdf)**
   - **Scope**: _pyth-crosschain-aptos contracts_
 - **[November 01, 2022 - Zellic](https://github.com/pyth-network/audit-reports/blob/main/2022_11_01/pyth.pdf)**
   - **Scope**: _pyth-crosschain-evm contracts_
-- **[December 12, 2022 - Ottersec](https://github.com/pyth-network/audit-reports/blob/main/2023_07_27/pyth_sui_audit_final.pdf)**
+- **[December 12, 2022 - OtterSec](https://github.com/pyth-network/audit-reports/blob/main/2023_07_27/pyth_sui_audit_final.pdf)**
   - **Scope**: _pyth-crosschain-sui contracts_
 - **[December 13, 2022 - CertiK](https://github.com/pyth-network/audit-reports/blob/pyth-certik/2022_12_13/pyth-crosschain-governance.pdf)**
   - **Scope**: _pyth-crosschain-governance contracts_
@@ -48,13 +48,13 @@ As these 3rd party audits are completed and issues are sufficiently addressed, w
   - **Scope**: _pyth-crosschain pythnet validator, message_buffer/remote_executor/oracle contracts, merkle tree library, xc_admin_frontend_
 - **[January 18, 2024 - Trail of Bits](https://github.com/pyth-network/audit-reports/blob/main/2024_01_23/Pyth%20Data%20Association%20-%20Entropy%20-%20Comprehensive%20Report.pdf)**
   - **Scope**: _pyth-crosschain-entropy contracts and fortuna web service_
-- **[April 25, 2024 - Ottersec](https://github.com/pyth-network/audit-reports/blob/main/2024_04_25/pyth_solana_pull_oracle_audit_final.pdf)**
+- **[April 25, 2024 - OtterSec](https://github.com/pyth-network/audit-reports/blob/main/2024_04_25/pyth_solana_pull_oracle_audit_final.pdf)**
   - **Scope**: _pyth-crosschain-solana contracts_
 - **[July 12, 2024 - Nethermind](https://github.com/pyth-network/audit-reports/blob/main/2024_07_12/pyth_starknet_pull_oracle_audit_final.pdf)**
   - **Scope**: _pyth-crosschain-starknet contracts_
-- **[Jan 17, 2025 - Zellic](https://github.com/pyth-network/audit-reports/blob/main/2025_01_17/pyth_lazer_solana_audit_final.pdf)**
+- **[January 17, 2025 - Zellic](https://github.com/pyth-network/audit-reports/blob/main/2025_01_17/pyth_lazer_solana_audit_final.pdf)**
   - **Scope**: _pyth-lazer solana contract_
-- **[Feb 12, 2025 - Zellic](https://github.com/pyth-network/audit-reports/blob/main/2025_02_12/pyth_lazer_evm_audit_final.pdf)**
+- **[February 12, 2025 - Zellic](https://github.com/pyth-network/audit-reports/blob/main/2025_02_12/pyth_lazer_evm_audit_final.pdf)**
   - **Scope**: _pyth-lazer evm contract_
 
 ## Social Media Monitoring
@@ -63,20 +63,20 @@ The Pyth project maintains a social media monitoring program to stay abreast of
 
 These developments include monitoring services like Twitter for key phrases and patterns such that the Pyth project is informed of a compromise or vulnerability in a dependency that could negatively affect Pyth or its users.
 
-In the case of a large ecosystem development that requires response, the Pyth project will engage its security incident response program.
+In the case of a large ecosystem development that requires a response, the Pyth project will engage its security incident response program.
 
 ## Incident Response
 
-The Pyth project maintains an incident response program to respond to vulnerabilities or active threats to Pyth, its users, or the ecosystems it's connected to. Pyth can be made aware about a security event from a variety of different sources (eg. bug bounty program, audit finding, security monitoring, social media, etc.)
+The Pyth project maintains an incident response program to respond to vulnerabilities or active threats to Pyth, its users, or the ecosystems it's connected to. Pyth can be made aware about a security event from a variety of different sources (e.g. bug bounty program, audit finding, security monitoring, social media, etc.)
 
 When a Pyth project contributor becomes aware of a security event, that contributor immediately holds the role of [incident commander](https://en.wikipedia.org/wiki/Incident_commander) for the issue until they hand off to a more appropriate incident commander. A contributor does not need to be a "security person" or have any special privileges to hold the role of incident commander, they simply need to be responsible, communicate effectively, and maintain the following obligations to manage the incident to completion.
 
 The role of the incident commander for Pyth includes the following minimum obligations:
 
 - Understand what is going on, the severity, and advance the state of the incident.
 - Identify and contact the relevant responders needed to address the issue.
-- Identify what actions are needed for containment (eg. security patch, contracts deployed, governance ceremony).
-- Establish a dedicated real-time communication channel for responders to coordinate (eg. Slack, Telegram, Signal, or Zoom).
+- Identify what actions are needed for containment (e.g. security patch, contracts deployed, governance ceremony).
+- Establish a dedicated real-time communication channel for responders to coordinate (e.g. Slack, Telegram, Signal, or Zoom).
 - Establish a private incident document, where the problem, timeline, actions, artifacts, lessons learned, etc. can be tracked and shared with responders.
 - When an incident is over, host a [retrospective](https://en.wikipedia.org/wiki/Retrospective) with key responders to understand how things could be handled better in the future (this is a no blame session, the goal is objectively about improving Pyth's readiness and response capability in the future).
 - Create issues in relevant ticket trackers for actions based on lessons learned.