Security: ManuelGil/nspin

SECURITY.md

At nspin, we take security very seriously. This document outlines our security policy, explains the types of issues we address, and provides guidelines for reporting vulnerabilities. Our goal is to ensure a secure experience for all users.


Supported Versions

We actively support the latest version of nspin. If you discover a vulnerability in an older, unsupported version, please upgrade to the latest release and verify whether the issue persists.


Reporting a Vulnerability

If you discover a security vulnerability in nspin, please follow these guidelines:

  1. Do Not Create a Public Issue: Avoid public disclosure of vulnerabilities as it may expose the issue to malicious parties. Instead, report the vulnerability privately.

  2. Contact Us Securely: Send an email with your report to: [email protected]

  3. Include the Following Information:

    • Description: A clear and detailed description of the vulnerability.
    • Reproduction Steps: Step-by-step instructions to reproduce the issue, including any relevant code samples or configuration details.
    • Environment Details: Information about your environment, such as:
      • Node.js version (ensure it's Node.js v22+)
      • Operating system and version
      • nspin version in use
    • Impact: Describe the potential impact of the vulnerability.
    • Logs and Screenshots: Any error messages, logs, or screenshots that can help diagnose the issue.
    • Contact Information: Your email or other preferred contact details (optional, if you agree to be contacted for further clarification).

Our Response Process

  • Acknowledgment: We will acknowledge receipt of your report within 72 hours.

  • Investigation: Our security team will investigate the reported issue promptly and work on a fix if necessary.

  • Resolution and Disclosure: Once a vulnerability is confirmed and a fix is implemented, we will release an update and provide public disclosure of the issue. We will give appropriate credit to the reporter if desired.


Security Best Practices

  • Keep Software Updated: Always run the latest version of nspin and update your Node.js environment regularly.

  • Monitor Vulnerabilities: Stay informed about potential vulnerabilities in your dependencies and follow security advisories.

  • Use Secure Coding Practices: Review and adhere to security best practices when integrating nspin into your projects.


Additional Resources


Thank you for helping us make nspin a secure and reliable tool.

There aren’t any published security advisories