Security: bxvtr/deribit-history-client

SECURITY.md

Security Policy

Supported Versions

Only the latest state of the main branch is actively maintained.

Earlier commits, released versions, and forks may not receive security fixes or vulnerability patches.


Reporting a Vulnerability

If a security issue is identified, do not open a public GitHub issue.

Instead, report responsibly using one of the following channels:

  • GitHub Security Advisories
  • Direct contact with the repository maintainer via GitHub

A vulnerability report should include:

  • A clear technical description of the issue
  • Steps to reproduce, if applicable
  • Affected modules, files, or API calls
  • Potential impact (data corruption, denial of service, unexpected API behavior, etc.)

All reports are handled using responsible disclosure practices.


Security Scope

This repository provides a Python-based client for interacting with Deribit’s public historical market data API, including:

  • HTTP request handling for public endpoints
  • Instrument metadata retrieval
  • Historical trade data fetching by sequence
  • JSON Schema-based response validation
  • Optional API shape consistency checks

Primary security considerations include:

  • Input validation and safe request construction
  • Defensive handling of unexpected API responses
  • Protection against malformed or oversized payloads
  • Dependency vulnerabilities in HTTP and validation libraries

Since the client only interacts with public, unauthenticated endpoints, no API credentials or private account data are handled.


Dependency Security

  • Dependencies are explicitly defined in pyproject.toml
  • The project aims to remain dependency-light
  • Security-related dependency updates are prioritized

CI is expected to catch test failures and linting issues related to updates.


Responsible Usage

Users are responsible for:

  • Respecting Deribit API usage policies and rate limits
  • Handling downloaded data appropriately in their own systems
  • Keeping their Python environment and dependencies up to date

This project does not manage authentication, permissions, or infrastructure security.


Disclosure Policy

Please allow reasonable time for investigation and remediation before any public disclosure of reported security vulnerabilities.
