Skip to content
This repository was archived by the owner on Jul 2, 2026. It is now read-only.

Security: vincentjkessler/launchcheck

Security

SECURITY.md

Security policy

Use GitHub private vulnerability reporting when available. Do not disclose exploitable archive traversal, command execution, report injection, browser isolation, or clipboard injection issues in a public issue before a fix is available.

LaunchCheck processes untrusted files. Contributions must preserve these boundaries:

  • extracted ZIP entries must remain inside the temporary extraction root
  • arbitrary downloaded executables and scripts must not be launched automatically
  • browser automation must remain scoped to declared local HTML entry points
  • report HTML must escape untrusted content
  • clipboard content must be treated as data, not instructions

There aren't any published security advisories