Security: rabisnaqvi/Astral.js

SECURITY.md

Security Policy

Reporting Security Issues

At Astral.js, we take security vulnerabilities and concerns seriously. We appreciate your efforts to responsibly disclose any potential vulnerabilities you discover to us.

To report a security issue, please email us at rabisnaqvi@gmail.com. We will work with you to investigate and address the issue promptly.

We kindly request that you refrain from publicly disclosing vulnerabilities until we have had the opportunity to review and address them.

Supported Versions

The following table lists the versions of Astral.js that are currently supported with security updates. If your version is not listed, it means it has reached end-of-life and no longer receives security patches.

Version Supported
1.x.x
0.x.x

We encourage you to upgrade to a supported version if you are using an older, unsupported release.

Security Best Practices

To ensure the security of your applications using Astral.js, we recommend following these best practices:

  • Keep your dependencies up to date: Regularly update Astral.js to the latest version as it may include security patches and bug fixes.
  • Implement input validation and sanitization: Validate and sanitize all user input to prevent security vulnerabilities such as XSS (Cross-Site Scripting) and SQL injection attacks.
  • Use secure communication channels: When transmitting sensitive data, make sure to use secure communication channels such as HTTPS to protect against eavesdropping and data tampering.
  • Follow secure coding practices: Adhere to secure coding practices, such as proper data encryption, secure session management, and user authentication and authorization.
  • Stay informed about security updates: Subscribe to Astral.js's release notifications and security advisories to stay informed about the latest security updates and vulnerabilities.

Vulnerability Disclosure Process

When a security vulnerability is reported to us, we follow a structured process to ensure timely handling and resolution:

  1. Report submission: Report the vulnerability to us via email at rabisnaqvi@gmail.com.
  2. Acknowledgment: We will acknowledge your report within 8 business days and provide you with details of our internal review process.
  3. Investigation and verification: Our security team will investigate and verify the reported vulnerability.
  4. Resolution and patching: Once verified, we will develop a fix for the vulnerability and release a patch.
  5. Public disclosure: We will work with you to determine an appropriate timeline for public disclosure after the vulnerability has been resolved.

We greatly appreciate your assistance in disclosing any security vulnerabilities responsibly and cooperating with us throughout the resolution process.

Bug Bounty Program

At this time, we do not offer a bug bounty program. However, we genuinely appreciate and recognize the efforts of security researchers in responsibly disclosing vulnerabilities to us.

Contact

If you have any further questions or need to contact us regarding security-related matters, please email us at rabisnaqvi@gmail.com.

Thank you for helping us keep Astral.js secure!

There aren’t any published security advisories