Security.md WANTED #147

@darallium

Description

Hello @max-mapper,
Thank you for your great work on extract-zip. It's a very useful library that many of us rely on.
I'm opening this issue to make a suggestion to improve the project's security posture. I noticed that the repository does not currently have a SECURITY.md file. This file is very helpful for defining a clear process for how security researchers should report vulnerabilities.
Suggestion:
Could you please consider adding a SECURITY.md file to the repository?
Benefits:
- It provides clear, official guidelines for anyone who finds a security vulnerability.
- It helps prevent security issues from being disclosed publicly in GitHub issues and promotes Responsible Disclosure.
- GitHub will automatically display a link to your security policy on the "Security" tab and when someone creates a new issue.
Here is a simple template you could adapt. Using GitHub's private vulnerability reporting feature is often the easiest and most secure method.

```markdown
# Security Policy

## Supported Versions

We are committed to providing security updates for the latest major version.

| Version | Supported          |
| ------- | ------------------ |
| 2.x.x   | :white_check_mark: |
| < 2.0   | :x:                |

## Reporting a Vulnerability

We take all security bugs in `extract-zip` seriously. We appreciate your help in disclosing them to us responsibly.

If you discover a security vulnerability, please report it to us by **using GitHub's private vulnerability reporting feature**. You can do this by going to the "Security" tab of our repository and clicking on "Report a vulnerability".

This will ensure that your finding is received and addressed by the maintainers privately. We will do our best to respond to your report within 48-72 hours.

**Please do not disclose security issues in public GitHub issues, discussions, or pull requests.**
```

FYI: I found a security risk in this library. I hope you add a SECURITY.md ASAP.
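A quick way to check whether a checkout already carries a policy GitHub would pick up, and whether that policy has the sections the template above asks for. This is an added example, not code from the issue author or from extract-zip. The three locations mirror where GitHub looks for a `SECURITY.md` (repository root, `docs/`, `.github/`); the list of required headings is an assumption taken from the template in this issue, and the sample checkout is constructed in a temporary directory.

```python
"""Audit a local checkout for a SECURITY.md in the locations GitHub recognises.

Added example, not part of the issue or of extract-zip. The required-section
list is an assumption based on the template posted in this issue.
"""
from pathlib import Path
import re
import tempfile

# Locations GitHub checks for a repository's security policy.
POLICY_LOCATIONS = ("SECURITY.md", ".github/SECURITY.md", "docs/SECURITY.md")

# Headings a usable policy should carry (assumption: mirrors the template above).
REQUIRED_SECTIONS = ("Supported Versions", "Reporting a Vulnerability")


def find_security_policy(repo_root):
    """Return the path of the first SECURITY.md in a recognised location, or None."""
    root = Path(repo_root)
    for rel in POLICY_LOCATIONS:
        candidate = root / rel
        if candidate.is_file():
            return candidate
    return None


def missing_sections(policy_text):
    """Return the required section headings that the policy text lacks."""
    headings = {
        m.group(1).strip()
        for m in re.finditer(r"^#{1,6}\s+(.+?)\s*$", policy_text, re.MULTILINE)
    }
    return [s for s in REQUIRED_SECTIONS if s not in headings]


def audit_repo(repo_root):
    """Summarise the policy state as (relative_path_or_None, missing_sections)."""
    policy = find_security_policy(repo_root)
    if policy is None:
        return None, list(REQUIRED_SECTIONS)
    rel = policy.relative_to(Path(repo_root)).as_posix()
    return rel, missing_sections(policy.read_text())


# Constructed sample policy, shaped like the template in this issue.
SAMPLE_POLICY = """# Security Policy

## Supported Versions

| Version | Supported |
| ------- | --------- |
| 2.x.x   | yes       |

## Reporting a Vulnerability

Use GitHub's private vulnerability reporting ("Security" tab, "Report a vulnerability").
"""


def demo():
    """Audit a constructed checkout before and after adding .github/SECURITY.md."""
    with tempfile.TemporaryDirectory() as tmp:
        before = audit_repo(tmp)  # no policy anywhere yet
        policy_dir = Path(tmp) / ".github"
        policy_dir.mkdir()
        (policy_dir / "SECURITY.md").write_text(SAMPLE_POLICY)
        after = audit_repo(tmp)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Running it against a real clone is a matter of calling `audit_repo(".")` from the repository root; a `None` path means GitHub will show no policy link on the "Security" tab, and a non-empty second element means the file exists but lacks one of the headings the template above defines.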
