Use this section to tell people about which versions of your project are currently being supported with security updates.
| Version | Supported |
|---|---|
| 1.x | ✅ (latest minor + patches + security fixes) |
| < 1.0 | ❌ |
We take security seriously, even for a small logging utility.
Please do NOT open a public GitHub issue if you find a potential security vulnerability.
Instead, please report it privately:
- Email: whostolemysleep@gmail.com
- Or via GitHub private vulnerability reporting (recommended):
→ Go to Security tab → Report a vulnerability
We will acknowledge receipt of your vulnerability report within 48 hours and strive to send regular updates about our progress.
We prefer all communication in English or Russian.
When a security issue is reported:
- We confirm the receipt and investigate
- We determine the severity and affected versions
- We develop a fix / mitigation
- We release a patch (and bump version via semantic-release)
- We publicly disclose the issue after users have had reasonable time to update
Thank you for helping keep @wsms/logger (and its users) safe!