
Security Policy

Supported Versions

Version    Supported
1.x.x      ✅ Yes
< 1.0      ❌ No

Reporting a Vulnerability

If you discover a security vulnerability, please email [email protected] instead of using the public issue tracker. Include:
  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial Assessment: Within 1 week
  • Fix Timeline: Varies by severity
  • Public Disclosure: After fix is released

Security Best Practices

  • Never commit API keys to version control
  • Use environment variables
  • Rotate keys periodically
  • Use separate keys for dev/prod
  • Keep dependencies updated
  • Review security advisories
  • Use npm audit regularly
  • Validate all user inputs
  • Don’t expose keys in logs
  • Use HTTPS for API calls
  • Implement rate limiting

Known Issues

Check GitHub Security Advisories for current issues.
