If you discover a security vulnerability within this project, please follow these steps to report it responsibly:

Do not:
- Create a public GitHub issue about the vulnerability
- Share details of the vulnerability on social media or public forums
- Exploit the vulnerability in production environments

Do:
- Email [email protected] with details of the vulnerability
- Include clear steps to reproduce the issue
- If possible, suggest a potential fix or mitigation strategy

Response timeline:
- Within 48 hours: You'll receive an acknowledgment that we've received your report and are investigating the issue.
- Within 7 days: We'll confirm whether the report is a valid vulnerability and provide updates on our investigation.
- Within 30 days: For valid vulnerabilities, we aim to:
  - Develop and deploy a fix
  - Notify affected users as appropriate
  - Credit you in our changelog unless you request otherwise

Security practices:
- We regularly update dependencies to address known vulnerabilities
- We use TypeScript to help catch type-related errors early
- We follow current security best practices for web applications
- We perform code reviews with security considerations in mind

| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
Only the latest version receives security updates. We recommend always using the most recent release.
We appreciate security researchers who help improve the safety of our project. Contributors who report significant vulnerabilities will be acknowledged in our security hall of fame.
Thank you for helping keep this project secure and our users protected.