Security: opensource-nepal/commitlint

Security Policy

The 'commitlint' project is committed to maintaining the security and integrity of our software. This Security Policy outlines the steps we take to address security vulnerabilities, as well as the responsibilities of our contributors and users in reporting and resolving security-related issues.

Supported Versions

We provide security updates and support for the latest stable release of the 'commitlint' package. It is important to keep your software up to date to ensure you have the latest security patches.

Version     Supported
>= 0.2.0    Yes

Reporting a Vulnerability

If you discover a security vulnerability within the project, we encourage you to report it to the maintainers immediately. Promptly reporting security issues helps us protect our users and take appropriate actions to address the vulnerability. To report a security vulnerability, please follow these steps:

  1. Send an email to aj3sshh@gmail.com or sugatbajracharya49@gmail.com with a detailed description of the vulnerability. Please include the following information:

    • Description of the vulnerability, including steps to reproduce if applicable
    • Version of the commitlint package affected
    • Any potential mitigations or workarounds
  2. Our security team will acknowledge your report within 3 to 7 days and provide further instructions and communication regarding the vulnerability.

  3. We kindly request that you do not publicly disclose the vulnerability until we have had sufficient time to address it and provide a fix. We strive to resolve security vulnerabilities promptly and will work with you to coordinate disclosure if necessary.

  4. Once the vulnerability is confirmed and addressed, we will release a security update in the form of a new package version. We will credit the reporter if desired.

Security Updates and Mitigations

Upon receiving a security vulnerability report, our team will evaluate the issue and take appropriate actions to address it. This may include:

  • Developing and testing a patch or fix for the vulnerability
  • Coordinating with the reporter or other relevant parties to verify the vulnerability and its impact
  • Releasing a new version that includes the necessary security fixes

We strive to provide security updates in a timely manner and communicate any necessary steps for users to upgrade to the latest secure version.

Responsible Disclosure

We are committed to responsible disclosure of security vulnerabilities. Once a vulnerability has been addressed and a new package version is released, we encourage users and contributors to upgrade to the latest version to ensure they are protected.

While we appreciate the efforts of security researchers and users who report vulnerabilities, we kindly request that you follow responsible disclosure practices by allowing us sufficient time to address the issue and release a fix before disclosing the vulnerability publicly.

Disclaimer

The commitlint project is provided "as is," without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and non-infringement. In no event shall the package maintainers or contributors be liable for any claim, damages, or other liability arising from the use of this commitlint project or any security-related incidents.

Contact

For any questions, concerns, or additional information regarding the commitlint project's security policy, please contact us at aj3sshh@gmail.com or sugatbajracharya49@gmail.com.