To report a vulnerability, please privately report it via the Security tab on the GitHub repository. If that is impossible, feel free to send an email to support@antelopejs.com instead.

All security vulnerabilities will be promptly verified and addressed.

While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of AntelopeJS and other dependencies by maintaining lock files (yarn.lock, package-lock.json and pnpm-lock.yaml) in order to ensure your application remains as secure as possible.

We would like to thank all security researchers and community members who have responsibly disclosed vulnerabilities to us.