The following versions of Screenshot_Algo are currently supported with security updates:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
We take security vulnerabilities seriously. If you discover a security vulnerability, please follow responsible disclosure practices.
DO NOT open a public GitHub issue for critical security vulnerabilities.
Instead, please report them using one of these methods:
-
GitHub Security Advisory (Preferred)
- Go to Security Advisories
- Create a new private security advisory
-
Email
- Send details to: security@example.com
- Use PGP encryption if available (key available on request)
When reporting a vulnerability, please include:
- Description: A clear description of the vulnerability
- Impact: What could an attacker accomplish?
- Reproduction Steps: How to reproduce the issue
- Affected Versions: Which versions are affected?
- Suggested Fix: If you have ideas for a fix
- Initial Response: Within 48 hours
- Status Update: Within 5 business days
- Resolution Target: Within 90 days for critical issues
- Acknowledgment: We'll acknowledge receipt of your report
- Assessment: We'll assess the severity and impact
- Fix Development: We'll work on a fix if needed
- Coordinated Disclosure: We'll coordinate with you on disclosure timing
- Credit: We'll credit you in our security advisory (if desired)
- Keep your dependencies up to date
- Use environment variables for sensitive configuration
- Never commit secrets to version control
- Use HTTPS for all communications
- Review third-party dependencies before adding them
- Follow secure coding practices
- Never log sensitive information
- Validate all user input
- Use parameterized queries
- Keep dependencies updated
- Run
npm auditregularly
Screenshot_Algo implements the following security measures:
- Dependency Scanning: Automated scanning via Dependabot and npm audit
- Code Scanning: CodeQL analysis on all PRs
- Secret Detection: Pre-commit hooks to prevent secret commits
- Access Control: Principle of least privilege
- Secure Defaults: Security-focused default configurations
We appreciate security researchers who help keep Screenshot_Algo secure:
Thank you for helping keep Screenshot_Algo and its users safe!