# Security Policy
## Supported Versions
| Version | Supported |
| --- | --- |
| 1.x | Yes |
## Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Email: aric.camarata@gmail.com

Include:

- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix, if you have one

You will receive an acknowledgment within 48 hours and a resolution timeline within 7 days.

## Scope
This package is a pure math library. It performs no network requests, reads no files, and holds no credentials. All computations are deterministic spherical geometry. The primary security concern would be a supply-chain compromise of the npm package.