Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
No change to code. This adds a security policy. Issue #1058
- Loading branch information
Showing
1 changed file
with
27 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# ShellJS Security Policy | ||
|
||
Thank you for reaching out regarding the security of the ShellJS module! Please | ||
note that this project is maintained on a best-effort basis, however I still | ||
intend to prioritize reviewing and addressing security issues. | ||
|
||
## Supported Versions | ||
|
||
I generally only support the latest ShellJS release (see | ||
https://www.npmjs.com/package/shelljs). My goal is to release security fixes as | ||
patch releases on top of whatever was most recently shipped. | ||
|
||
If breaking changes have already landed on the main development branch, I may | ||
apply the patch on the relevant release branch (ex. | ||
[`0.8-release`](https://github.com/shelljs/shelljs/commits/0.8-release) and | ||
create a new release from there. | ||
|
||
## Reporting a Vulnerability | ||
|
||
Please report security vulnerabilities to ntfschr@gmail.com. I should respond | ||
within a few days. Please **do not** disclose the nature of the suspected | ||
vulnerability publicly. | ||
|
||
Please **only** use this email for security issues. It's also OK to use the | ||
email if you're legitimately unsure if this is a security issue (better safe | ||
than sorry). But for all other non-security issues, please use the GitHub issue | ||
tracker. |