Security: onlang-org/onst

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover any security-related issues or vulnerabilities in @onlang-org/onst, please follow these steps to report them responsibly:

  1. Do not create a public GitHub issue. Security vulnerabilities should be reported privately.

  2. Email the details to krajat4@gmail.com. Please include a thorough description of the issue, steps to reproduce it, and any additional information that might be relevant.

  3. Allow some time for the maintainers to assess and address the vulnerability.

Security Best Practices

To enhance the security of your @onlang-org/onst scripts and applications, consider the following best practices:

  1. Avoid Hardcoding Sensitive Information:

    • Do not hardcode sensitive information (e.g., API keys, passwords) directly into your @onlang-org/onst scripts or configuration files.

  2. Secure External System Integration:

    • When interacting with external systems (e.g., Qualtrics, Salesforce), ensure secure handling of authentication tokens, credentials, and sensitive data.

  3. Regularly Update Dependencies:

    • Keep @onlang-org/onst and its dependencies up-to-date to benefit from security patches and improvements.

  4. Validate User Input:

    • If your @onlang-org/onst scripts accept user input, validate and sanitize the input to prevent potential security vulnerabilities like injection attacks.

  5. Audit Object Creation:

    • Regularly review and audit the @onlang-org/onst scripts for object creation, ensuring that the generated objects adhere to the intended security policies.

License

@onlang-org/onst is open-source software released under the MIT License. By using or contributing to this project, you agree to abide by its terms.