Skip to content

Security: kiyeonjeon21/mermaid-to-hyperframes

Security

SECURITY.md

Security Policy

Supported Versions

Security fixes target the latest published npm version of mermaid-to-hyperframes.

Reporting A Vulnerability

Do not open a public issue for a suspected vulnerability.

Report security concerns privately to the maintainer listed in package.json, or use GitHub private vulnerability reporting if it is enabled for this repository.

Useful reports include:

  • A minimal reproduction.
  • The affected version.
  • The command and input file involved.
  • Whether untrusted Mermaid input, generated HTML, filesystem writes, or dependency behavior is involved.

Security Scope

This project shells out to Mermaid CLI and generates a local Hyperframes project. Treat untrusted .mmd files and generated HTML with care, especially in automated environments.

Security issues may include arbitrary file writes, command execution paths, unsafe handling of generated HTML, dependency compromise, or token leakage in release automation.

Rendering quality issues, unsupported Mermaid syntax, and normal conversion bugs should be reported with the regular issue templates instead.

There aren't any published security advisories