We take the security of our project seriously. We appreciate the efforts of the security community and believe that responsible disclosure of security vulnerabilities helps us ensure the safety and privacy of our users.
As a web application under active development, we only provide security updates for the most recent version of the code available in our main branch. We encourage you to run the latest version of the code.
| Version | Supported |
|---|---|
| latest | ✅ |
To report a security vulnerability, please do not create a public GitHub issue. Instead, send a private email to:
Please include the following details in your report:
- A clear description of the vulnerability.
- The steps required to reproduce the issue.
- Any proof-of-concept code, screenshots, or screen recordings.
- The potential impact of the vulnerability.
Our Commitment and What to Expect
- Acknowledgement: We will acknowledge receipt of your report within 48 hours.
- Assessment: We will conduct an initial assessment and aim to provide an update within 5-7 business days.
- Resolution: If the vulnerability is confirmed, we will work on a patch as soon as possible and coordinate a disclosure timeline with you.
- Credit: We are happy to publicly credit security researchers for their findings once the vulnerability is patched.
Thank you for helping keep NPMChat secure!