nrel-spa/.github/wiki/SECURITY.md
Aric Camarata aa850f806c feat(e6): portfolio polish — docs, CI, TypeScript standard, wiki
- Trim README to ≤80 lines with wiki link for full docs
- Add CHANGELOG.md with initial entry
- Fix CI: replace pinned pnpm/action-setup with corepack enable
- Add "type": "module" and flat exports map (ADR-015)
- Add ./package.json exports entry
- Add coverage script
- Rename lib/spa.js → lib/spa.cjs to fix CJS/ESM conflict under "type": "module"
- Update src/index.ts and tsup.config.ts to reference spa.cjs
- Add .github/wiki pages: _Sidebar, _Footer, Contributing, SECURITY, CODE_OF_CONDUCT
2026-05-28 13:59:43 -04:00

29 lines
913 B
Markdown

# Security Policy
## Supported Versions
| Version | Supported |
| --- | --- |
| 2.x | Yes |
| 1.x | No |
Only the latest major version receives security fixes.
## Reporting a Vulnerability
Do not open a public GitHub issue for security vulnerabilities.
Email: aric.camarata@gmail.com
Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix, if you have one
You will receive an acknowledgment within 48 hours and a resolution timeline within 7 days. Once a fix is ready and deployed, the vulnerability will be disclosed publicly with credit to the reporter (unless you prefer to remain anonymous).
## Scope
This package is a pure computation library. It performs no network requests, reads no files, and holds no credentials. The algorithm is a direct port of the [NREL SPA C source](https://midcdmz.nrel.gov/spa/) and contains no dynamic code loading.