We take the security of our project seriously. If you believe you have found a security vulnerability, please report it through GitHub's Security tab:
- Go to our repository's Security tab
- Click "Report a vulnerability"
- Fill out the form with:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if any)
For more information on reporting security vulnerabilities through GitHub, visit: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
- We will acknowledge receipt of your report within 48 hours
- We will provide a more detailed response within 7 days
- We will work on fixing the issue and keep you informed of our progress
- Once the issue is resolved, we will publish a security advisory
- Security updates will be released as soon as possible after a vulnerability is confirmed
- Legacy versions will receive security updates for [X] months after release
- Updates will be clearly marked in our changelog
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
We recommend users:
- Keep dependencies up to date
- Use the latest stable version
- Enable security alerts in GitHub
- Regularly audit dependencies using
npm auditor similar tools
- We follow responsible disclosure practices
- Vulnerabilities will be announced 7 days after a fix is released
- Critical vulnerabilities may be announced sooner depending on potential impact
- Enable security features in your implementation
- Follow our security configuration guide in the documentation
- Use environment variables for sensitive information