From ab04185a12b47a3e58096a114843807b334fd7d5 Mon Sep 17 00:00:00 2001 From: Nate Fischer Date: Thu, 6 Jan 2022 22:13:09 -0800 Subject: [PATCH] chore: add SECURITY.md No change to code. This adds a security policy. Issue #1058 --- .github/SECURITY.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 00000000..08358936 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,27 @@ +# ShellJS Security Policy + +Thank you for reaching out regarding the security of the ShellJS module! Please +note that this project is maintained on a best-effort basis, however I still +intend to prioritize reviewing and addressing security issues. + +## Supported Versions + +I generally only support the latest ShellJS release (see +https://www.npmjs.com/package/shelljs). My goal is to release security fixes as +patch releases on top of whatever was most recently shipped. + +If breaking changes have already landed on the main development branch, I may +apply the patch on the relevant release branch (ex. +[`0.8-release`](https://github.com/shelljs/shelljs/commits/0.8-release) and +create a new release from there. + +## Reporting a Vulnerability + +Please report security vulnerabilities to ntfschr@gmail.com. I should respond +within a few days. Please **do not** disclose the nature of the suspected +vulnerability publicly. + +Please **only** use this email for security issues. It's also OK to use the +email if you're legitimately unsure if this is a security issue (better safe +than sorry). But for all other non-security issues, please use the GitHub issue +tracker.
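Review bot: In the "Supported Versions" section, the parenthetical that starts with "(ex." is never closed, so the sentence reads as though "create a new release from there" belongs inside the aside; add a ")" after the `0.8-release` link. In "Reporting a Vulnerability", the policy gives a contact address and a "within a few days" response target but does not say what a report should contain or what happens after the first reply. Consider listing the details you need (affected version, reproduction steps, impact) and stating how and when a fix will be disclosed, so reporters who are asked to keep the issue private know what to expect. It would also help to say whether the address is the only channel or whether a fallback exists if no reply arrives in that window.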