hijri-core/.github/wiki/SECURITY.md

26 lines
712 B
Markdown

# Security Policy
## Supported Versions
| Version | Supported |
| --- | --- |
| 1.x | Yes |
## Reporting a Vulnerability
Do not open a public GitHub issue for security vulnerabilities.
Email: aric.camarata@gmail.com
Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix, if you have one
You will receive an acknowledgment within 48 hours and a resolution timeline within 7 days.
## Scope
This package is a pure computation library. It performs no network requests, reads no files, and holds no credentials. All calendar conversion logic is deterministic arithmetic. The primary security concern would be a supply-chain compromise of the npm package.