Security: hebertcisco/ts-npm-package-boilerplate

SECURITY.md

Security Policy

Thank you for helping keep this project and its users safe.

Supported versions

This repository is a boilerplate. For this template itself, only the latest published version is actively supported with security updates. If you use this repository as a starting point for your own package, define and maintain a policy that fits your needs.

Version Supported
Latest release
Older releases ❔ Best-effort only

Reporting a vulnerability

Please do not open public GitHub issues for security vulnerabilities.

What to include

  • A description of the issue and potential impact.
  • Steps to reproduce or a proof of concept (PoC).
  • Affected versions, if known.
  • Any suggested mitigations.

Our process and SLAs

  • Triage within 2 business days.
  • Status updates at least weekly while under investigation.
  • If confirmed, we aim to publish a patch or mitigation within 14 days. Complex issues may take longer; we will communicate timelines.
  • We credit reporters in release notes if desired and appropriate.

Safe harbor

We will not pursue legal action for good-faith, non-destructive research that respects the following:

  • Do not access, modify, or exfiltrate data you do not own.
  • Do not degrade service or impact other users.
  • Do not perform social engineering or physical security testing.

Thank you for your responsible disclosure and for helping improve the security of the ecosystem.

There aren’t any published security advisories