The Void team takes security seriously. If you discover a security vulnerability in Void, please report it by emailing security@void-framework.dev.
Please do not report security vulnerabilities through public GitHub issues.
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if available)
- We will acknowledge receipt within 48 hours
- We will provide a detailed response within 7 days
- We will notify you when the vulnerability has been fixed
- Report the vulnerability privately first
- Allow us time to address the issue
- We will credit you in the security advisory (if desired)
| Version | Supported |
|---|---|
| 0.x.x | ✅ |
Void implements several security measures:
- 🔒 Type-safe APIs
- ✅ 100% test coverage
- 🛡️ No external dependencies (in core packages)
- 🔍 Regular security audits
- 📦 Signed releases
None at this time. Given that Void does nothing, the attack surface is minimal.
When using Void:
- Always use the latest version
- Keep dependencies updated
- Follow TypeScript strict mode
- Validate plugin sources
- Use environment variables for sensitive config
Thank you for helping keep Void secure! (Even though it does nothing, we appreciate your vigilance.)