We take security seriously. If you discover a security vulnerability, please report it responsibly:
This repository has private vulnerability reporting enabled. You can securely report vulnerabilities directly through GitHub:
- Navigate to the Security tab
- Click Advisories
- Click "Report a vulnerability" button
- Fill out the vulnerability details
This allows us to discuss and fix the issue privately before any public disclosure.
Alternatively, you can email us at [email protected]
Please do NOT report security vulnerabilities through public GitHub issues.
- Clear description of the vulnerability
- Steps to reproduce
- Potential impact
- Your environment details (Node.js version, OS, etc.)
- Initial Response: Within 48 hours
- Status Updates: Every 3-5 business days
- Resolution: Critical issues resolved within 7 days
We provide security updates for the following versions. If you're using an unsupported version, please upgrade to receive security patches.
| Version | Supported |
|---|---|
| >= 1.0.0 | β Yes |
| < 1.0.0 | β No |
When contributing or deploying:
- β Never commit secrets, API keys, or credentials
- β Always use environment variables for sensitive data
- β Keep dependencies updated
- β Use HTTPS/TLS for all endpoints
- β Enable security scanning (Dependabot, CodeQL)
While we don't offer monetary rewards, we deeply value security researchers and provide:
- Public acknowledgment in security advisories (with permission)
- Recognition in our security contributors hall of fame
- Professional references for your security work
Thank you for helping keep our projects secure! π
π with β€οΈ by Waren Gonzaga under WG Technology Labs and Him π