If you believe you've found a security vulnerability in @grepr/cli or this
repository, please report it privately to eng@grepr.ai.
Please include:
- A description of the issue and the impact you believe it has
- Steps to reproduce, or a proof-of-concept if you have one
- The version of the CLI (or commit SHA) where you observed the issue
Do not open a public GitHub issue for security reports.
We aim to acknowledge new reports within two business days and will keep you updated as we investigate and remediate.
This policy covers the Grepr CLI distributed as @grepr/cli on npm and the
contents of this repository. Vulnerabilities in upstream dependencies should be
reported to the corresponding maintainers; if a CLI release ships with a known
vulnerable dependency, that is in scope.