Security: composable-com/composable-ui

SECURITY.md

Security Policy

Introduction

Composable UI is an open-source accelerator sponsored by Orium. It provides the foundation for building fast, modern, composable e-commerce digital properties. It is built with best-in-class technologies including React, Next.js, TypeScript, Chakra UI, and React Query. Composable UI can be integrated with any headless commerce platform, CMS, or other MACH service of your choice, and comes pre-integrated with Algolia search, Stripe for payments, and mocked commerce and CMS services.

Security

In accordance with best practices, Composable UI has been scanned by a static code analysis tool, has had an initial penetration test conducted against a reference architecture, and has had any relevant findings remediated.
However, that testing does not substitute for further, ongoing, and project-specific testing of your own. It remains the responsibility of those who download and use the code to conduct their own security testing before using it. Composable UI is a combination of custom code and third-party dependencies, each with its own maintainers. Because new vulnerabilities in software are discovered all the time, continuous scanning of both the custom code and its dependencies is necessary. Your use of Composable UI is at your own risk, and you agree to conduct your own testing before deployment.

No Liability and Indemnification

The use of Composable UI comes with no warranty. It is entirely the responsibility of those who download and use the code to take the precautions necessary to use Composable UI in a way that is safe and secure. The code is provided "as is", without representations or warranties of any kind, either expressed or implied. You agree to release, indemnify, and hold harmless Orium and its affiliates and subsidiaries, and their officers, directors, employees, and agents, from and against any third-party claims, liabilities, damages, losses, and expenses. Your continued use of the product constitutes your acceptance of these terms.

Responsible Disclosure

Researchers and users of any kind are welcome to identify potential security issues and submit them as pull requests against the GitHub repository for consideration. Depending on the validity and severity of the finding, Orium may, at its sole discretion, choose to compensate the reporter with a reward commensurate with the severity of the finding. Submission of a finding does not guarantee a reward. You may also email us at security-report@composable.com.

Subject to Change

This security policy is subject to change at any time. Notification of an update to this security policy will be communicated via a commit to the Composable UI GitHub repository. Your continued use of the product constitutes acceptance of any changes.