We actively support the following versions of debug-fmt with security updates:
| Version | Supported | Security Status |
|---|---|---|
| 1.x.x | ✅ | ✅ Secure (0 vulnerabilities) |
Current Security Rating: ✅ SECURE
- Vulnerabilities: 0 known vulnerabilities
- Last Audit: Clean (npm audit passed)
- Security Validation: All checks passing
- Dependencies: Secured with version overrides
We take security vulnerabilities seriously. If you discover a security vulnerability in debug-fmt, please report it responsibly.
- Email: Send details to josefrancisco.verdu@gmail.com
- GitHub: Create a private security advisory on our GitHub repository
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if available)
- Affected versions
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Timeline: Critical issues within 30 days, others within 90 days
debug-fmt includes comprehensive security validation:
- Pre-publish security checks: Automated vulnerability scanning before package publication
- Source code validation: Scans for security anti-patterns and debugging artifacts
- Dependency monitoring: Automated audits of all dependencies
- Security configuration validation: Ensures proper security setup
- Zero-vulnerability policy: Maintain clean audit results
- Dependency overrides: Force secure versions for transitive dependencies
- Regular security audits: Automated checks in CI/CD pipeline
- Security-first development: Security validation integrated into development workflow
When using debug-fmt:
- Keep dependencies updated to their latest secure versions
- Avoid logging sensitive information in production environments
- Use environment variables for configuration instead of hardcoded values
- Regularly audit your dependencies using
npm audit - Use the built-in security validation:
npm run security:validate
# Run comprehensive security check
npm run security:check
# Run security validation
npm run security:validate
# Audit dependencies
npm run security:audit
# Fix automatically fixable issues
npm run security:fix- We will acknowledge receipt of vulnerability reports within 48 hours
- We will provide regular updates on our progress
- We will credit researchers who responsibly disclose vulnerabilities (unless they prefer to remain anonymous)
- We will publish security advisories for confirmed vulnerabilities
Security updates will be released as patch versions and announced through:
- GitHub releases
- npm package updates
- Security advisories on GitHub
- SECURITY_IMPROVEMENTS.md updates
debug-fmt maintains enterprise-grade security standards:
- ✅ Zero Known Vulnerabilities: Clean audit across all dependencies
- ✅ Automated Security Validation: Comprehensive pre-publish security checks
- ✅ Secure Dependency Management: Version overrides for vulnerable transitive dependencies
- ✅ Security Documentation: Complete security policy and procedures
- ✅ Community Standards: Code of conduct and contribution guidelines
Thank you for helping keep debug-fmt secure!