| Version | Supported |
|---|---|
| 0.1.x | Yes |

If you discover a security vulnerability in PermX, please report it responsibly:

- Do not open a public GitHub issue
- Email security concerns to the maintainers (see package.json for contact)
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

We aim to acknowledge reports within 48 hours and provide a fix within 7 days for critical issues.
PermX is an authorization library. When using it:
- Always validate user input before passing it to `authorize()` or `authorizeApi()`
- Use HTTPS for all API communication
- Store permission data in a secured database
- Use the `superAdmin` check sparingly and audit its usage
- Enable multi-tenancy isolation when serving multiple tenants
- Rotate any exposed secrets immediately