| Version | Supported |
|---|---|
| 1.x | ✅ Yes |
| < 1.0 | ❌ No |
If you discover a security vulnerability in WealthyWidgets, please do not open a public GitHub issue.
Instead, report it privately via one of the following:
- GitHub Security Advisories — Report a vulnerability (preferred)
- Email — security@wealthywidgets.dev
Please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- The affected version(s)
We will acknowledge your report within 48 hours and aim to release a patch within 7 days for critical issues.
WealthyWidgets is a client-side UI component library. The main security surface areas are:
- XSS via
dangerouslySetInnerHTML— we do not use this anywhere in the library - Dependency vulnerabilities — run
npm auditand open a PR or issue for affected packages - AI prompt injection — the
onAiGeneratecallback is entirely user-supplied; WealthyWidgets does not make any AI API calls itself
Thank you for helping keep WealthyWidgets safe!