| Version | Supported |
|---|---|
| 1.x.x | ✅ |

The security of our software is important to us. If you discover a security vulnerability, please follow these guidelines:
- Do NOT open a public issue for security vulnerabilities
- Email us directly at security@clywell.com
- Include detailed information about the vulnerability:
  - Description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact
  - Any suggested fixes
- Initial response: Within 48 hours
- Status update: Within 7 days with either a resolution timeline or request for additional information
- Resolution: We aim to resolve critical vulnerabilities within 30 days
- We will coordinate with you on the disclosure timeline
- We will credit you in the security advisory (unless you prefer to remain anonymous)
- We follow responsible disclosure practices

This package primarily handles UI state and doesn't process sensitive data directly. However, we take security seriously for:
- Dependencies: Regular updates and vulnerability scanning
- Build process: Secure CI/CD pipeline
- Package integrity: Signed releases and checksums

We currently do not offer a bug bounty program, but we greatly appreciate responsible disclosure of security issues.

For security-related questions or concerns:
- Email: security@clywell.com
- Please include "SECURITY" in the subject line