| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |
If you discover a security issue, please report it responsibly:
- Do not open a public GitHub issue
- Email the maintainer directly at
[email protected]or use GitHub Security Advisories - Include:
- Description of the issue
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Resolution target: Depends on severity
This policy applies to the rew-mcp npm package. Issues in dependencies should be reported to those projects directly.
When using this MCP server:
- Run with least-privilege permissions
- Keep Node.js and dependencies updated
- Review REW API access in your environment
- Use official releases from npm
Thank you for helping keep this project secure.