Chore: adds a security policy

.github/ISSUE_TEMPLATE/feature_request.md

@@ -13,8 +13,8 @@ Ex. I'm always frustrated when [...]
 
 **Please follow the general troubleshooting steps first:**
 - [ ] I've searched on the [issue tracker](../) before creating one.
-- [ ] I'm running latest package version.
-- [ ] I'm ready to provide help with enhancement, if needed.
+- [ ] I'm running the latest package version.
+- [ ] I'm ready to provide help with enhancement if needed.
 - [ ] Feature will break current functionality
 
 **Describe the solution you'd like**

.github/ISSUE_TEMPLATE/vulnerability.md

@@ -0,0 +1,30 @@
+---
+name: Vulnerability
+about: Report a vulnerability
+title: 'Security: brief description'
+labels: security
+assignees: pustovitDmytro
+---
+
+**Issue Description**
+
+A clear and concise description of what the bug is. Paste here a brief summary of your issue. If you are able to, please also include: the type of vulnerability, for example, the OWASP category.
+
+**Please follow the general troubleshooting steps first:**
+- [ ] I've searched on the [issue tracker](../) before creating one.
+- [ ] The issue relates to the package's dependency.
+- [ ] The issue relates to the codebase.
+- [ ] I'm running the latest package version.
+- [ ] I'm ready to provide help with a fix if needed.
+
+**Screenshots**
+
+If applicable, add screenshots or logs showing the exploitation of the vulnerability.
+
+**Environment:**
+ - Version X.X.X
+ - Node.js version: XXX
+ - Operating System: XXX
+
+**Additional context**
+Add any other context about the problem here.

.github/SECURITY.md

@@ -0,0 +1,34 @@
+# Security Policy
+
+If you’ve found a vulnerability, we would like to know so we can fix it. This notice provides details for how you can let us know about vulnerabilities
+
+## Supported Versions
+
+Only last major version is currently being supported with security updates.
+
+## Reporting a Vulnerability
+
+To report a (suspected) security vulnerability in package code use the **Vulnerability Template** in the issues section.
+
+If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
+
+Report security bugs in third-party modules to the person or team maintaining the module. Use the **Vulnerability Template** if a dependency version update is needed to resolve the vulnerability.
+
+When you are investigating and reporting the vulnerability, you must not:
+
+* break the law
+* access unnecessary or excessive amounts of data
+* modify third-party data
+* use high-intensity invasive or destructive scanning tools to find vulnerabilities
+* try a denial of service - for example overwhelming a real service with a high volume of requests
+* disrupt production services or systems
+* tell other people about the vulnerability you have found until we have disclosed it
+* social engineer, phish or physically attack any staff or infrastructure
+* demand money to disclose a vulnerability
+
+## Bug bounty
+Unfortunately, we doesn't offer a paid bug bounty programme.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a pull request.