The following versions of enum-plus currently receive security updates:

| Version | Supported |
|---|---|
| 3.x | ✅ |
| 2.x | ✅ |
| <= 1.x | ❌ |

We take the security of our project seriously. We appreciate your efforts to responsibly disclose your findings.
Please do not report security vulnerabilities through public GitHub issues.
Please send an email to [email protected] or [email protected] with the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any potential solutions you've identified
After you've submitted your report:
- You'll receive an acknowledgment within 48 hours
- We'll provide a timeline for when you can expect to hear back about the assessment of the vulnerability
- We'll keep you informed about our progress towards resolving the issue
- Once the vulnerability is fixed, we'll publicly acknowledge your responsible disclosure (unless you prefer to remain anonymous)
When we receive a security bug report, we will:
- Confirm the vulnerability and determine its effects
- Develop and test a fix for the issue
- Prepare a patch that will be applied to all supported versions
- Release new security fix versions as soon as possible
- Publish a security advisory on GitHub detailing the vulnerability, impact, and how to upgrade
Security updates will be released through:
- New package versions on npm with security patches
- Security advisories on GitHub
- Release notes highlighting the security fixes
For critical vulnerabilities, we may provide additional notification through:
- Repository README updates
- Social media announcements
- Direct communication to known affected users (when possible)
To help ensure the security of your application when using this package:
- Keep your dependencies up to date
- Monitor GitHub Security Advisories for this repository
- Follow the principle of least privilege when implementing features
- Implement proper input validation for any data that interacts with our library
- Follow our documentation for secure implementation patterns
We would like to thank the following security researchers for their responsible disclosures:
- This list will be updated as contributions are made
This policy is subject to change at any time, and updates will be posted here.