Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via GitHub's private vulnerability reporting feature:
- Go to the Security tab
- Click "Report a vulnerability"
- Fill out the form with details
Alternatively, you can email security concerns to the maintainers.
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if you have one)
- We aim to acknowledge reports within 48 hours
- We'll provide a detailed response within 1 week
- We'll work with you to understand and resolve the issue
| Version | Supported |
|---|---|
| 1.x.x | ✅ Yes |
| < 1.0 | ❌ No |
When contributing to this project:
- Keep dependencies up to date
- Follow secure coding practices
- Run security audits:
yarn audit - Don't commit secrets or credentials
We appreciate responsible disclosure and will credit security researchers (with permission) in our changelog and security advisories.