1 file changed: +39 -0 lines changed
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ Any non-deprecated version labelled on [ npm] ( https://npmjs.com/package/quickpostgres ) is supported for vulnerability reports.
6
+
7
+ ## Reporting a vulnerability
8
+
9
+ Security vulnerability must not be made in public. Instead, they must be privately reported to one of the repository maintainers:
10
+
11
+
12
+
13
+ Your report will be reviewed within 7 days via a follow-up email to the ` reply-to ` field on your original email.
14
+ If a ` reply-to ` field is not present, we will follow-up to the email address you used to send the email.
15
+
16
+ It is advised to provide a backup email address if you cannot access your primary email address.
17
+ It is also advisable to include your GitHub username if all other methods fail.
18
+
19
+ If we follow up to your report and you do not reply within 14 days, your report will automatically be discarded.
20
+ You will receive a notification about this and you will need to create another report if you wish to continue.
21
+
22
+ ** ⚠ Warning**
23
+ For security reasons, we do not accept email address domains that has one of the following TLDs (top level domains):
24
+
25
+ - .tk
26
+ - .ml
27
+ - .ga
28
+ - .cf
29
+ - .gq
30
+
31
+ ## Qualifying vulnerabilities
32
+
33
+ All valid vulnerability types are currently supported.
34
+
35
+ ## Acceptance rewards
36
+
37
+ As a reward, your GitHub username will be featured on our [ README] ( https://github.com/GodderE2D/quickpostgres/blob/main/README.md ) if you agree to it.
38
+
39
+ We are currently unable to financially reward you for vulnerability reports for the time being.
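Review bot: The "Reporting a vulnerability" section ends its first sentence with "one of the repository maintainers:" and then lines 10 to 12 are empty as shown here, so a reporter has no address to send a private report to. List the maintainer contact addresses there, or point to GitHub's private vulnerability reporting if the repository enables it. In the same section, "Security vulnerability must not be made in public" reads better as "Security vulnerabilities must not be disclosed in public", and in the warning "domains that has" should be "domains that have". The TLD restriction (.tk, .ml, .ga, .cf, .gq) does not say what happens to a report sent from such an address or what a reporter should use instead; state whether those emails are silently dropped and name an alternative channel so a valid report is not lost. The 14-day discard rule would also benefit from saying where the discard notification is sent, since the policy already anticipates the reporter losing access to their primary address.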