Skip to content

Security: opalcompany/shelljs

Security

.github/SECURITY.md

ShellJS Security Policy

Thank you for reaching out regarding the security of the ShellJS module! Please note that this project is maintained on a best-effort basis, however I still intend to prioritize reviewing and addressing security issues.

Supported Versions

I generally only support the latest ShellJS release (see https://www.npmjs.com/package/shelljs). My goal is to release security fixes as patch releases on top of whatever was most recently shipped.

If breaking changes have already landed on the main development branch, I may apply the patch on the relevant release branch (ex. 0.8-release and create a new release from there.

Reporting a Vulnerability

Please report security vulnerabilities to [email protected]. I should respond within a few days. Although it's not strictly required, it helps me out if you can include any proof of concept exploit code, suggested fix, etc.

Please do not publicly disclose the suspected vulnerability until I have a chance to review your report. I'd like a chance to patch the code before the issue is known to the public.

Please only use this email for security issues. It's also OK to use the email if you're legitimately unsure if this is a security issue (better safe than sorry). But for all other non-security issues, please use the GitHub issue tracker.

There aren’t any published security advisories