Skip to content

Security: davccavalcante/tokenforecast

Security

SECURITY.md

Security Policy

@takk/tokenforecast is a stable (1.0.0), zero-runtime-dependency cost forecaster that runs entirely inside your own process. We take security reports seriously and aim to acknowledge each one within two business days.

Supported versions

Each published version follows strict SemVer (see SPEC.md and .github/RELEASING.md). Only the latest minor of the current major receives security patches; an older major receives critical-CVE fixes for 6 months after the next major lands.

Package Supported
@takk/tokenforecast current latest dist-tag

Reporting a vulnerability

Please do not file public GitHub issues for security problems. Send reports to davcavalcante@proton.me (preferred) or say@takk.ag (Takk relay), with the subject line beginning [SECURITY].

Include, at minimum:

  • Affected version (npm ls @takk/tokenforecast).
  • Reproduction steps or a minimal proof-of-concept.
  • Impact assessment (what an attacker can achieve).
  • Any suggested mitigation.

PGP or signed reports are welcome but not required. If you need an out-of-band channel, ask in the first message and we will propose one.

Response process

  1. Acknowledgement within 2 business days.
  2. Triage and severity assignment within 7 days.
  3. Fix targeted for the next release; critical issues ship as an out-of-band patch on the affected minor.
  4. Coordinated disclosure: the reporter is credited in the changelog and advisory unless they request anonymity.

Threat model in scope

Findings in any of the following are in scope:

  • Input integrity. Any crafted event stream, series, or option that makes the engine produce NaN or Infinity, throw an uncaught error from a documented entry point, enter an unbounded loop, or silently return a misleading forecast that could drive a wrong budget decision without the honest interval or backtest reflecting the uncertainty.
  • Cost-data exposure. Token Forecast holds the cost events you record in process memory, which may carry your feature, user, or tenant identifiers. By design it makes zero outbound network calls and persists nothing. Any path that exfiltrates that data beyond your process, or smuggles it into a thrown error, is in scope.
  • Scenario and price-book handling. Any path through simulate, repriceEvents, or detectPriceShifts that misattributes cost or leaks the caller-supplied price book outside the call.
  • Supply chain. Tarball contamination, a compromised npm scope, or a published artifact whose provenance attestation does not match the source commit.

Out of scope

  • Forecast accuracy. A forecast being wrong is not a vulnerability. Token Forecast ships an explicit prediction interval and a backtested error on every result; the band, not the point, is the contract. A bad cold-start prior you supply produces a bad forecast (garbage in, garbage out).
  • The custody of your cost data before it reaches the library (your application, your storage), which is the operator's responsibility.
  • Denial of service via unbounded event arrays against your own application; input sizing remains the operator's responsibility.
  • The behavior, pricing, or billing of the LLM providers whose spend you record.

Supply-chain assurances

  • Zero required runtime dependencies. The transitive-dependency attack surface is eliminated for every shipped bundle, including the edge build and the CLI. The optional @takk sibling peers are resolved only when their bridge is imported.
  • Provenance. Every release is published with npm publish --provenance (SLSA attestation by GitHub Actions). Verify with npm view @takk/tokenforecast@<version> --json | jq .dist.attestations.
  • Lockfile committed. pnpm-lock.yaml is tracked in git for reproducible installs.

There aren't any published security advisories