chore: add security policy

GodderE2D · web-flow · commit f7dffca49277 · 2021-11-22T13:56:58.000+11:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,39 @@
+# Security Policy
+
+## Supported Versions
+
+Any non-deprecated version labelled on [npm](https://npmjs.com/package/quickpostgres) is supported for vulnerability reports.
+
+## Reporting a vulnerability
+
+Security vulnerability must not be made in public. Instead, they must be privately reported to one of the repository maintainers:
+
+- [GodderE2D](main@godder.xyz)
+
+Your report will be reviewed within 7 days via a follow-up email to the `reply-to` field on your original email.
+If a `reply-to` field is not present, we will follow-up to the email address you used to send the email.
+
+It is advised to provide a backup email address if you cannot access your primary email address.
+It is also advisable to include your GitHub username if all other methods fail.
+
+If we follow up to your report and you do not reply within 14 days, your report will automatically be discarded.
+You will receive a notification about this and you will need to create another report if you wish to continue.
+
+**⚠ Warning**  
+For security reasons, we do not accept email address domains that has one of the following TLDs (top level domains):
+
+- .tk
+- .ml
+- .ga
+- .cf
+- .gq
+
+## Qualifying vulnerabilities
+
+All valid vulnerability types are currently supported.
+
+## Acceptance rewards
+
+As a reward, your GitHub username will be featured on our [README](https://github.com/GodderE2D/quickpostgres/blob/main/README.md) if you agree to it.
+
+We are currently unable to financially reward you for vulnerability reports for the time being.
