We actively maintain this project and provide security updates for the latest stable release.
| Version | Supported |
|---|---|
| Latest | ✅ Yes |
| Older | ❌ No (Upgrade Required) |
We take security issues seriously. If you discover a vulnerability, please DO NOT create a public GitHub issue.
- Email us at [your-security-email@example.com]
- Or use GitHub Security Advisories (if enabled).
- Provide the following details:
  - A detailed description of the vulnerability.
  - Steps to reproduce it.
  - Any possible fixes (if available).
We will respond within 48 hours and work on a resolution as soon as possible.
When contributing code, please follow these security best practices:
- Avoid hardcoding secrets (API keys, passwords).
- Use secure dependencies (run `npm audit`, `pip-audit`, or `snyk test`).
- Sanitize user input (to prevent XSS and SQL injection).
- Follow the principle of least privilege (restrict permissions where possible).
- Review third-party dependencies for known vulnerabilities.
We use the following tools to automate security checks:
- Dependabot: Automatic dependency updates.
- Snyk: Scans for vulnerabilities in dependencies.
- Trivy: Security scanning for containers.
- Gitleaks: Detects secrets in Git commits.
- Lynis: Audits system configuration.
You can run security scans manually using:

```bash
npm audit fix   # For Node.js projects
pip-audit       # For Python projects
snyk test       # Run Snyk security scan
trivy fs .      # Scan entire repository
```