| Version | Supported |
|---|---|
| 0.0.7 | ✅ |
| < 0.0.7 | ❌ |
We take the security of VS Code Activity Extension seriously. If you believe you have found a security vulnerability, please follow these steps:
- Do Not disclose the vulnerability publicly
- Send a description of the vulnerability to [email protected]
- Include steps to reproduce
- Include the version where you found the vulnerability
- Include any potential solutions if you have them
- You can expect an initial response within 48 hours
- Please allow up to 1 week for us to release a fix
The extension implements the following security measures:
- All activity data is stored locally on your machine
- No data is sent to external servers without explicit user consent
- GitHub authentication is handled securely through VS Code's built-in authentication provider
- No sensitive information is logged
To ensure the security of your data:
- Keep your VS Code installation up to date
- Keep the extension updated to the latest version
- Review the extension's permissions during installation
- Do not share your GitHub tokens or credentials
We regularly monitor and update our dependencies to patch any known vulnerabilities. Our dependency security is managed through:
- GitHub's Dependabot alerts
- Regular manual security audits
- npm audit checks
We would like to thank the following individuals who have reported security issues:
[List will be updated as security researchers report issues]