Commit f7dffca

chore: add security policy
1 parent 0186e82 commit f7dffca

1 file changed: +39 -0 lines changed

SECURITY.md

@@ -0,0 +1,39 @@
1+
# Security Policy
2+
3+
## Supported Versions
4+
5+
Any non-deprecated version labelled on [npm](https://npmjs.com/package/quickpostgres) is supported for vulnerability reports.
6+
7+
## Reporting a vulnerability
8+
9+
Security vulnerability must not be made in public. Instead, they must be privately reported to one of the repository maintainers:
10+
11+
- [GodderE2D]([email protected])
12+
13+
Your report will be reviewed within 7 days via a follow-up email to the `reply-to` field on your original email.
14+
If a `reply-to` field is not present, we will follow-up to the email address you used to send the email.
15+
16+
It is advised to provide a backup email address if you cannot access your primary email address.
17+
It is also advisable to include your GitHub username if all other methods fail.
18+
19+
If we follow up to your report and you do not reply within 14 days, your report will automatically be discarded.
20+
You will receive a notification about this and you will need to create another report if you wish to continue.
21+
22+
**⚠ Warning**
23+
For security reasons, we do not accept email address domains that has one of the following TLDs (top level domains):
24+
25+
- .tk
26+
- .ml
27+
- .ga
28+
- .cf
29+
- .gq
30+
31+
## Qualifying vulnerabilities
32+
33+
All valid vulnerability types are currently supported.
34+
35+
## Acceptance rewards
36+
37+
As a reward, your GitHub username will be featured on our [README](https://github.com/GodderE2D/quickpostgres/blob/main/README.md) if you agree to it.
38+
39+
We are currently unable to financially reward you for vulnerability reports for the time being.
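
Review bot: the 14-day auto-discard on lines 19-20 lets a valid vulnerability be dropped only because the reporter stopped replying; suggest closing the correspondence after 14 days but still triaging whatever the report already contains. The TLD list on lines 23-29 does not say what happens to mail sent from one of those domains (rejected with a notice, or silently ignored), and since line 14 makes the sender address the fallback contact, a reporter on a listed TLD has no way to know the report went nowhere; a sentence stating the outcome would close that gap. Line 9 reads "Security vulnerability must not be made in public", where "Security vulnerability reports must not be made in public" seems intended, and line 33 ("All valid vulnerability types are currently supported") does not define "valid", so a short scope statement would help reporters decide whether to write in.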
