We actively maintain and provide security updates for the following versions:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
We take the security of our scripts seriously. If you discover a security vulnerability, please follow these steps:
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Create a private security advisory on GitHub.
Include the following information:
- Type of issue (e.g., code injection, privilege escalation, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Assessment: We will assess the vulnerability and its impact within 5 business days
- Updates: We will provide regular updates on our progress
- Resolution: We aim to resolve critical vulnerabilities within 30 days
- We will work with you to coordinate disclosure
- We prefer responsible disclosure after a fix is available
- We will credit you in the security advisory (unless you prefer to remain anonymous)
- Review scripts before running them on your system
- Run with minimal privileges - don't use sudo unless absolutely necessary
- Test in non-production environments first
- Keep dependencies updated (GitHub CLI, jq, etc.)
- Use fine-grained personal access tokens when possible
- Regularly rotate your GitHub credentials
- Review token permissions periodically
- Don't share credentials or commit them to repositories
- Backup important repositories before running bulk operations
- Test on a few repositories before processing large batches
- Review script outputs for any unexpected behavior
- Use dry-run modes when available
Our scripts include input validation, but always:
- Verify repository names before processing
- Check selection ranges to avoid unintended operations
- Validate user permissions for target repositories
- Scripts respect GitHub API rate limits
- Monitor your API usage in the GitHub settings
- Use authenticated requests for higher rate limits
- Scripts include error handling for common scenarios
- Check exit codes and error messages
- Report unexpected behaviors through proper channels
We will announce security updates through:
- GitHub Security Advisories
- Release notes with clear security indicators
- README updates for critical security information
For any security-related questions or concerns:
- Email: noro.saroyan@gmail.com
- GitHub Security Advisories: Available in this repository
- Encrypted communication: Available upon request
Thank you for helping keep our project and community safe!