Security: mrmeaow/smslib

Security Policy

Supported Versions

Version Supported
0.x

Reporting a Vulnerability

If you discover a security vulnerability within smslib, please follow our responsible disclosure process:

  1. DO NOT create a public GitHub issue

  2. Email mrmeaow@pm.me with:

    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Any suggested fixes (optional)

  3. We aim to respond within 48 hours

  4. Once validated, we will:

    • Acknowledge receipt
    • Work on a fix
    • Request CVE assignment if applicable
    • Publish a security advisory on GitHub

Security Best Practices

When using smslib:

  • Never commit API keys or credentials to version control
  • Use environment variables for sensitive configuration
  • In production, use HTTPS for all API communications
  • Regularly rotate API keys/secrets
  • Follow the principle of least privilege for access tokens

Dependencies

We use pnpm audit to regularly check for vulnerabilities in dependencies. Run locally:

pnpm audit