1 file changed +39 -0 lines changed
1+ # Security Policy
2+
3+ ## Supported Versions
4+
5+ Any non-deprecated version labelled on [ npm] ( https://npmjs.com/package/quickpostgres ) is supported for vulnerability reports.
6+
7+ ## Reporting a vulnerability
8+
9+ Security vulnerability must not be made in public. Instead, they must be privately reported to one of the repository maintainers:
10+
11+ - [ GodderE2D] ( main@godder.xyz )
12+
13+ Your report will be reviewed within 7 days via a follow-up email to the ` reply-to ` field on your original email.
14+ If a ` reply-to ` field is not present, we will follow-up to the email address you used to send the email.
15+
16+ It is advised to provide a backup email address if you cannot access your primary email address.
17+ It is also advisable to include your GitHub username if all other methods fail.
18+
19+ If we follow up to your report and you do not reply within 14 days, your report will automatically be discarded.
20+ You will receive a notification about this and you will need to create another report if you wish to continue.
21+
22+ ** ⚠ Warning**
23+ For security reasons, we do not accept email address domains that has one of the following TLDs (top level domains):
24+
25+ - .tk
26+ - .ml
27+ - .ga
28+ - .cf
29+ - .gq
30+
31+ ## Qualifying vulnerabilities
32+
33+ All valid vulnerability types are currently supported.
34+
35+ ## Acceptance rewards
36+
37+ As a reward, your GitHub username will be featured on our [ README] ( https://github.com/GodderE2D/quickpostgres/blob/main/README.md ) if you agree to it.
38+
39+ We are currently unable to financially reward you for vulnerability reports for the time being.
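Review bot: The maintainer contact on line 11 is written as `[GodderE2D](main@godder.xyz)` with no `mailto:` scheme, so the link target will be treated as a relative path instead of an email address; change the target to `mailto:main@godder.xyz` or give the address as plain text. Line 19 discards a report when the reporter does not reply within 14 days, which would drop a valid vulnerability along with the conversation; consider closing only the correspondence and still triaging what was reported. The TLD block on lines 23 to 29 leaves reporters on those domains with no alternative channel, so it is worth naming one. On line 9, "Security vulnerability must not be made in public" should read "Security vulnerabilities must not be disclosed in public", and on line 23 "domains that has" should be "domains that have".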