Skip to content

Latest commit

 

History

History
46 lines (31 loc) · 2.43 KB

SECURITY.md

File metadata and controls

46 lines (31 loc) · 2.43 KB

Security Policy

Reporting a Vulnerability

If you believe you've found a security vulnerability in this project, please follow the steps below:

1. Do Not Open an Issue

  • Please do not open an issue on GitHub or any other public forum.
  • To protect the security and privacy of both you and others, please report the vulnerability privately.

2. Send an Email

  • You can report the vulnerability via email to: [lucentix.outlook.com].
  • Include a description of the vulnerability, including the steps to reproduce it (if possible), and any relevant details that can help us fix the issue.

3. Security Response Process

  • After we receive your report, we will review the details and work to confirm and resolve the issue.
  • We will prioritize fixing the vulnerability and release an updated version of the project as soon as possible.
  • We will also notify you once the fix has been deployed, and if appropriate, we will give you credit in the release notes or acknowledgments section.

4. Stay Up to Date

  • We encourage you to check the repository regularly for security updates.
  • If you are using the project in production, it is important to keep it up-to-date with the latest releases to mitigate any known vulnerabilities.

Security Best Practices

To improve the overall security of this project, follow these best practices:

  1. Keep Dependencies Up to Date:

    • This project uses various npm dependencies. Always ensure you are using the latest stable versions to avoid known security vulnerabilities.
    • Run npm audit regularly to check for security issues in dependencies.

  2. Review Permissions:

    • Make sure that the project does not include unnecessary permissions or features that could introduce security risks.

  3. Secure Code Practices:

    • Avoid hardcoding sensitive information (such as passwords or API keys) in the code. Use environment variables or external secrets management services instead.

  4. Use HTTPS:

    • If deploying this project to a production environment, ensure that your website uses HTTPS to protect data in transit.

  5. Use Content Security Policy (CSP):

    • Implement a strong Content Security Policy (CSP) to prevent cross-site scripting (XSS) attacks.

Acknowledgments

We would like to thank the security community for their commitment to improving the security of open-source software. Your efforts help keep our users and projects safe.