dev-sync handles SFTP credentials, host key verification, and local-to-remote file synchronization. Please do not open public issues for vulnerabilities or credential-handling concerns.
To report a security issue, email the maintainer at the address listed on the GitHub profile for benkleyner, or use GitHub's private vulnerability reporting if it is enabled for the repository.
Please include:
- A concise description of the issue.
- Steps to reproduce or a proof of concept.
- The affected version or commit.
- Any suggested mitigation.
The project aims to acknowledge valid reports within 7 days.