qibla/.github/wiki/SECURITY.md

Security Policy

Supported Versions

Version    Supported
1.x        Yes

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Email: aric.camarata@gmail.com

Include:

  • A description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested fix, if you have one

You will receive an acknowledgment within 48 hours and a resolution timeline within 7 days.

Scope

This package is a pure math library. It performs no network requests, reads no files, and holds no credentials. All computations are deterministic spherical geometry. The primary security concern would be a supply-chain compromise of the npm package.