This library deals with sensitive features of your application, specifically the validation of JWT tokens. Security is a top priority to ensure the integrity and confidentiality of your data.
| Version | Supported |
|---|---|
| 1.0.0 | ✅ |
| < 1.0.0 | ❌ |
We follow semantic versioning guidelines and strive to maintain compatibility even across major versions. It is always safe to use the latest version of this library.
- All code changes are reviewed and approved by at least one other maintainer to ensure high-quality and secure code.
- Automated tests, including security-related tests, are run for all pull requests.
- We regularly update dependencies to include the latest security patches.
- We use automated tools to monitor and report any vulnerabilities in our dependencies.
- The library is designed with secure defaults. Configurations and usage examples provided in the documentation follow best security practices.
If you discover a vulnerability in this library, please report it as soon as possible. To report a vulnerability, please follow these steps:
- Contact Information:
  - Email: [email protected]
  - Encrypt your message using the PGP key 65191F91FB52D342.
  - Use the subject prefix [JWTWALLET-SECURITY].
- Details to Include:
  - A description of the vulnerability.
  - Steps to reproduce the vulnerability.
  - Any potential impact.
- Response Time:
  - We aim to respond to vulnerability reports within 48 hours.
  - We will keep you updated on the status of your report and work with you to address the vulnerability promptly.
- We appreciate and encourage responsible disclosure of vulnerabilities. Please give us a reasonable amount of time to fix the issue before making any details public.
- We will credit security researchers who responsibly disclose vulnerabilities in our release notes.
For any security-related inquiries, please contact Mehmet at [email protected].
We are committed to ensuring the security of our library and appreciate your support in keeping it secure.