
Commit 6ac1787

committed
feat: add CODEOWNERS and SECURITY policy files
1 parent 7771f43 commit 6ac1787


2 files changed

+62
-0
lines changed


.github/CODEOWNERS

Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
# CODEOWNERS file
2+
# Lines are matched top-to-bottom; the last matching pattern takes precedence.
3+
# Reference <https://docs.github.com/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners>
4+
5+
# Default owner(s) for everything in the repo
6+
* @Rajesh-Royal
7+
8+
# Documentation
9+
/docs/ @Rajesh-Royal
10+
11+
# GitHub metadata
12+
/.github/ @Rajesh-Royal
13+
14+
# Library source (TypeScript) and build outputs
15+
/src/ @Rajesh-Royal
16+
/lib/ @Rajesh-Royal
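Review bot: Every pattern in this hunk resolves to the same single owner, so the `/docs/`, `/.github/`, `/src/` and `/lib/` entries are redundant with the `* @Rajesh-Royal` default until a second owner is introduced; either drop them or note in the header comment that they are placeholders for future per-area owners. Worth stating in the same header comment that the file only gates merges once branch protection has "Require review from Code Owners" enabled, that each listed owner must have write access or GitHub ignores the line, and that a sole owner cannot approve their own pull requests, so with that protection enabled this configuration blocks the owner's PRs unless a second owner or an admin bypass exists.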

SECURITY.md

Lines changed: 46 additions & 0 deletions
@@ -0,0 +1,46 @@
1+
# Security Policy
2+
3+
## Supported Versions
4+
5+
We generally support (accept vulnerability reports against) the latest published minor version on npm. Older versions may be fixed selectively if the patch is low risk.
6+
7+
| Version | Supported |
8+
| ------- | --------- |
9+
| latest ||
10+
| < latest | ⚠️ security issues may not be patched |
11+
12+
## Reporting a Vulnerability
13+
14+
If you discover a security vulnerability:
15+
16+
1. DO NOT open a public issue.
17+
2. Email: `security@placeholder.invalid` (replace with a real contact) OR use GitHub private vulnerability reporting if enabled.
18+
3. Provide a minimal reproduction, impact assessment, and proposed disclosure timeline.
19+
20+
We'll acknowledge receipt within 72 hours and aim to provide an initial remediation plan within 7 days.
21+
22+
## Handling & Disclosure Process
23+
24+
1. Triage & reproduce.
25+
2. Assess severity (CVSS-like scoring internal).
26+
3. Develop & test fix.
27+
4. Release a patched version to npm.
28+
5. Publicly disclose via release notes / changelog after users have reasonable upgrade window.
29+
30+
## Best Practices for Users
31+
32+
- Always pin to a specific version range and upgrade promptly when patches release.
33+
- Avoid exposing internal fingerprint outputs directly to clients beyond needed scope.
34+
- Sanitize and validate any data you persist.
35+
36+
## Scope
37+
38+
This policy covers code in this repository published as the `@rajesh896/broprint.js` package.
39+
40+
## Out of Scope
41+
42+
- Social engineering attacks.
43+
- Issues requiring privileged local access.
44+
- Vulnerabilities in third-party dependencies unless we can reasonably patch or mitigate.
45+
46+
Thank you for helping keep the community safe.
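Review bot: The reporting contact on line 17 is a placeholder (`security@placeholder.invalid`, with "replace with a real contact" left in the published text), so as merged the policy gives reporters no working channel; before merging, either substitute a monitored mailbox or confirm GitHub private vulnerability reporting is enabled for this repository and name it as the primary route rather than "if enabled". Two smaller points: the `latest` row of the Supported Versions table has an empty Supported cell (`| latest ||`), so it renders blank where a check mark was presumably intended; and "pin to a specific version range" on line 32 is self-contradictory, so choose either an exact pinned version or a range with a committed lockfile and say which.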
