docs: add SECURITY.md #59

Open
YAMRAJ13y wants to merge 1 commit into JCodesMore:master from YAMRAJ13y:docs/add-security-policy

YAMRAJ13y commented Jun 24, 2026

The repo has no security policy, so GitHub doesn't surface a "Report a vulnerability" path and there's no private channel for it — security-ish reports like the npm audit findings in #22 have had to go in as public issues.

This adds a short SECURITY.md:

  • report privately through GitHub Security Advisories, with the Discord as a fallback
  • what to include in a report
  • what's in scope (bundled deps, the scripts/ helpers, config defaults)
  • a short responsible-use note pointing at the README's existing "Not Intended For" section

No code touched — just the policy file.

There's no SECURITY.md, so there's no private way to report a
vulnerability - things like the npm audit report in JCodesMore#22 end up as public
issues.

Adds a short policy: report privately via GitHub Security Advisories (or
Discord as a fallback), what to include, what's in scope (deps, the helper
scripts, config defaults), plus a responsible-use note pointing at the
README's "Not Intended For" section.

YAMRAJ13y force-pushed the docs/add-security-policy branch from ffdb059 to 7899782 on June 30, 2026 04:52