| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
- Do NOT create a public GitHub issue for security vulnerabilities
- Email security concerns to: security@kopexa.com
- Include as much detail as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: Within 48 hours of your report
- Initial Assessment: Within 7 days
- Resolution Timeline: Depends on severity
  - Critical: 24-48 hours
  - High: 7 days
  - Medium: 30 days
  - Low: 90 days
- We follow responsible disclosure practices
- Security fixes will be released as soon as possible
- Credit will be given to reporters (unless anonymity is requested)
- We will coordinate disclosure timing with you

This package follows security best practices:
- Supply Chain Security: npm provenance enabled for package verification
- Dependency Management: Automated security updates via Dependabot
- Code Scanning: CodeQL analysis on all PRs
- Minimal Dependencies: Zero runtime dependencies
- Type Safety: Full TypeScript with strict mode

Verify package integrity using npm provenance:

```bash
npm audit signatures
```