Wasla is currently in active development. Security fixes are provided for the latest published version only.
| Version | Supported |
|---|---|
| Latest npm release | Yes |
| Older releases | No |
Do not open a public GitHub issue for a suspected vulnerability.
Report vulnerabilities privately through the repository's Security Advisories page.
Include:
- A clear description of the vulnerability and its impact
- Steps to reproduce the issue or a proof of concept
- Affected versions and environments, when known
- Any suggested mitigation or fix, if available
The maintainers will acknowledge the report, investigate it, and coordinate remediation before public disclosure. Response and release timing depends on the severity and complexity of the issue.
Security reports may include issues affecting:
- CLI commands and configuration handling
- File discovery, synchronization, and path handling
- Generated files and registry state
- Published npm package contents
For non-sensitive bugs or hardening suggestions that do not expose a vulnerability, open a regular GitHub issue.