File tree Expand file tree Collapse file tree 1 file changed +31
-0
lines changed Expand file tree Collapse file tree 1 file changed +31
-0
lines changed Original file line number Diff line number Diff line change 1+ # ShellJS Security Policy
2+
3+ Thank you for reaching out regarding the security of the ShellJS module! Please
4+ note that this project is maintained on a best-effort basis, however I still
5+ intend to prioritize reviewing and addressing security issues.
6+
7+ ## Supported Versions
8+
9+ I generally only support the latest ShellJS release (see
10+ https://www.npmjs.com/package/shelljs ). My goal is to release security fixes as
11+ patch releases on top of whatever was most recently shipped.
12+
13+ If breaking changes have already landed on the main development branch, I may
14+ apply the patch on the relevant release branch (ex.
15+ [ ` 0.8-release ` ] ( https://github.com/shelljs/shelljs/commits/0.8-release ) and
16+ create a new release from there.
17+
18+ ## Reporting a Vulnerability
19+
20+ Please report security vulnerabilities to ntfschr@gmail.com . I should respond
21+ within a few days. Although it's not strictly required, it helps me out if you
22+ can include any proof of concept exploit code, suggested fix, etc.
23+
24+ ** Please do not publicly disclose the suspected vulnerability** until I have a
25+ chance to review your report. I'd like a chance to patch the code before the
26+ issue is known to the public.
27+
28+ Please ** only** use this email for security issues. It's also OK to use the
29+ email if you're legitimately unsure if this is a security issue (better safe
30+ than sorry). But for all other non-security issues, please use the GitHub issue
31+ tracker.
You can’t perform that action at this time.
0 commit comments