Create an RFC 9116 compliant security.txt file.
$ npx create-security-txt --help
Create an RFC 9116 compliant security.txt file.
Usage: create-security-txt -c URL -e DAYS [OPTIONS...]
Options:
--contact, -c  A link or e-mail address for people to contact you about security issues. Remember to include "https://" for URLs, and "mailto:" for e-mails.
--expires, -e  Expiration as a number of days from now, or an ISO 8601 date string, after which the content of the security.txt file should be considered stale (security researchers should then no longer trust it).
--lang, -l  A language code that your security team speaks.
--canonical, -u  The URLs for accessing your security.txt file. It is important to include this if you are digitally signing the security.txt file, so that the location of the security.txt file is covered by the signature too.
--encryption, -x  A link to a key which security researchers should use to securely talk to you. Remember to include "https://".
--ack, -a  A link to a web page where you say thank you to security researchers who have helped you. Remember to include "https://".
--policy, -p  A link to a policy detailing what security researchers should do when searching for or reporting security issues. Remember to include "https://".
--hiring, -h  A link to any security-related job openings in your organisation. Remember to include "https://".
Examples:
Write to stdout (e-mail contacts carry the "mailto:" scheme, as RFC 9116 requires):
create-security-txt -c mailto:security@example.com -e 30
Write a GPG clearsigned file to the .well-known directory. Pass the Canonical URL as well, so the signature also covers where the file lives; with -e 7 the file has to be regenerated and re-signed every week, before it goes stale:
create-security-txt -c mailto:itsec@example.org -e 7 -u https://example.org/.well-known/security.txt | gpg --clearsign > .well-known/security.txt
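A check to run on the file the tool writes before it is published. This is example code added for this page, not part of create-security-txt: it parses the "Field: value" lines (skipping a PGP clearsign wrapper if one is present) and enforces the rules the help text above describes: Contact and Expires are required, web links use "https://", e-mail contacts use "mailto:", Expires is a valid date in the future (and, as the RFC recommends, less than a year out), and a signed file carries Canonical. It assumes the RFC 9116 field names (Contact, Expires, Preferred-Languages, Canonical, Encryption, Acknowledgments, Policy, Hiring). The two sample files and the fixed clock date are constructed for the example, and the PGP signature body in the second sample is a dummy, not a real signature.

```javascript
// Example checker for a security.txt file, written for this page (not part of create-security-txt).
// Field names are case-insensitive per RFC 9116, so they are lower-cased after parsing.

const WEB_ONLY_FIELDS = new Set(["acknowledgments", "canonical", "hiring", "policy"]);
const ONE_YEAR_MS = 365 * 24 * 60 * 60 * 1000;

// Returns { fields: [{ name, value }], signed }. Lines inside a PGP clearsign wrapper
// (armor headers such as "Hash: SHA256" and the signature block) are skipped.
function parseSecurityTxt(text) {
  const fields = [];
  let signed = false;
  let inSignature = false;
  let inArmorHeaders = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/^- /, "").trim(); // undo clearsign dash-escaping
    if (line === "-----BEGIN PGP SIGNED MESSAGE-----") { signed = true; inArmorHeaders = true; continue; }
    if (line === "-----BEGIN PGP SIGNATURE-----") { inSignature = true; continue; }
    if (inSignature) continue;                                   // ASCII-armored signature body
    if (inArmorHeaders) { if (line === "") inArmorHeaders = false; continue; }
    if (line === "" || line.startsWith("#")) continue;           // blank lines and comments
    const m = /^([A-Za-z-]+):\s*(.*)$/.exec(line);
    fields.push(m ? { name: m[1].toLowerCase(), value: m[2].trim() } : { name: "", value: line });
  }
  return { fields, signed };
}

// Returns a list of human-readable findings; an empty list means the file passed.
// `now` is injectable so the Expires check is deterministic.
function checkSecurityTxt(text, now = new Date()) {
  const { fields, signed } = parseSecurityTxt(text);
  const findings = [];
  const byName = (n) => fields.filter((f) => f.name === n).map((f) => f.value);

  for (const f of fields) if (f.name === "") findings.push(`malformed line: "${f.value}"`);

  const contacts = byName("contact");
  if (contacts.length === 0) findings.push("Contact is required");
  for (const c of contacts) {
    if (/^[^:\/\s]+@\S+$/.test(c)) findings.push(`Contact "${c}" is an e-mail address without the mailto: scheme`);
    else if (/^http:\/\//i.test(c)) findings.push(`Contact "${c}" must use https://`);
    else if (!/^[a-z][a-z0-9+.-]*:/i.test(c)) findings.push(`Contact "${c}" is not a URI`);
  }

  const expires = byName("expires");
  if (expires.length !== 1) findings.push("Expires must appear exactly once");
  else {
    const t = Date.parse(expires[0]);
    if (Number.isNaN(t)) findings.push(`Expires "${expires[0]}" is not an ISO 8601 date-time`);
    else if (t <= now.getTime()) findings.push("Expires is in the past; the file is stale");
    else if (t - now.getTime() > ONE_YEAR_MS) findings.push("Expires is more than a year out; the RFC recommends less");
  }

  if (byName("preferred-languages").length > 1) findings.push("Preferred-Languages must not appear more than once");

  for (const f of fields) {
    if (WEB_ONLY_FIELDS.has(f.name) && !/^https:\/\//i.test(f.value)) findings.push(`${f.name} "${f.value}" must be an https:// URL`);
    if (f.name === "encryption" && /^http:\/\//i.test(f.value)) findings.push(`Encryption "${f.value}" must use https://`);
  }

  if (signed && byName("canonical").length === 0) findings.push("file is signed but has no Canonical field, so the signature does not cover its location");

  return findings;
}

// Constructed sample 1: an unsigned file with every rule satisfied.
const GOOD = [
  "Contact: mailto:security@example.com",
  "Expires: 2025-06-01T00:00:00.000Z",
  "Preferred-Languages: en, de",
  "Canonical: https://example.com/.well-known/security.txt",
  "Encryption: https://example.com/pgp-key.txt",
  "Policy: https://example.com/security-policy",
  "",
].join("\n");

// Constructed sample 2: a clearsigned file with the mistakes the checker should catch
// (bare e-mail contact, past Expires, http:// link, no Canonical). Dummy signature body.
const BAD_SIGNED = [
  "-----BEGIN PGP SIGNED MESSAGE-----",
  "Hash: SHA256",
  "",
  "Contact: security@example.org",
  "Expires: 2024-12-01T00:00:00.000Z",
  "Hiring: http://example.org/jobs",
  "",
  "-----BEGIN PGP SIGNATURE-----",
  "",
  "iQEzBAEBCAAdFiEE...",
  "=abcd",
  "-----END PGP SIGNATURE-----",
  "",
].join("\n");

const NOW = new Date("2025-01-01T00:00:00Z"); // fixed clock so the sample results are reproducible
for (const [label, text] of [["unsigned sample", GOOD], ["signed sample", BAD_SIGNED]]) {
  const findings = checkSecurityTxt(text, NOW);
  console.log(`${label}: ${findings.length === 0 ? "OK" : findings.length + " finding(s)"}`);
  for (const f of findings) console.log("  - " + f);
}
```

To check a real file, read it with fs.readFileSync and pass the text to checkSecurityTxt with the current date; a non-empty result is a reason not to publish yet. The checker does not verify the PGP signature itself, only that a signed file also pins its location via Canonical; run gpg --verify on the file for the signature.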
Using npm:
npm install create-security-txt --global
Using yarn:
yarn global add create-security-txt
MIT © Marc Görtz