We actively support the following versions of move-prop-types:
| Version | Supported |
|---|---|
| 0.8.x | Yes |
| 0.7.x | No |
| < 0.7 | No |
We take security seriously. If you discover a security vulnerability, please report it responsibly:
- Email: Send details to [email protected] (if available) or create a private security advisory on GitHub
- GitHub Security Advisory: Use the "Report a vulnerability" button in the Security tab
- Do NOT: Open a public issue for security vulnerabilities
Please provide:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix if you have one
- Your contact information for follow-up
You can expect the following response timeline:
- 24 hours: Initial acknowledgment
- 72 hours: Preliminary assessment
- 7 days: Detailed response with a fix timeline
- 30 days: Target resolution (critical issues are prioritized)
Code modification: move-prop-types rewrites source files in place, so:
- Always back up your code (or commit it to version control) before running transformations
- Review the resulting changes before committing them to version control
- Use it in trusted environments only
Regular expression safety:
- Our regex patterns are written to avoid ReDoS (catastrophic backtracking on crafted input)
- We validate input patterns to avoid catastrophic backtracking
- Report any input or pattern that causes excessive processing time
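As an added illustration of what the ReDoS point above means in practice (this is example code, not part of move-prop-types), here is a regex for `import { ... } from 'prop-types'` lines written two ways: with an ambiguous repeated group that backtracks exponentially on a malformed line, and as a linear rewrite, plus an input length cap. The patterns, the `MAX_LINE_LENGTH` value and the helper names are assumptions made for the example.

```javascript
// Added example: ReDoS-prone vs. linear regex for a prop-types named import.
// Not move-prop-types code; the patterns and helper names are illustrative.

// VULNERABLE: inside `(\w+\s*,?\s*)*` the two `\s*` can split each run of
// whitespace two ways, so a line that never reaches `}` forces ~2^n retries.
const VULNERABLE_IMPORT_RE = /^import\s*\{\s*(\w+\s*,?\s*)*\}\s*from\s+['"]prop-types['"]/;

// LINEAR: each repeated unit must start with a comma, and `\w`, `\s` and `,`
// are disjoint, so every character has exactly one place it can belong.
const SAFE_IMPORT_RE = /^import\s*\{\s*\w+(?:\s*,\s*\w+)*(?:\s*,)?\s*\}\s*from\s+['"]prop-types['"]/;

// Defense in depth: even a linear pattern should not be fed unbounded input.
const MAX_LINE_LENGTH = 1000; // assumed limit, generous for any real import line

// Returns true only for a bounded line that matches the (linear) pattern.
function isPropTypesNamedImport(line, re = SAFE_IMPORT_RE) {
  if (typeof line !== 'string' || line.length > MAX_LINE_LENGTH) return false;
  return re.test(line);
}

// Constructed worst case: the import list never closes, so the engine must
// try every way of splitting the whitespace before giving up.
function pathologicalLine(n) {
  return 'import { ' + 'a '.repeat(n) + '!';
}

// Times a single test() call so the two patterns can be compared side by side.
function measureMs(re, input) {
  const start = performance.now();
  const matched = re.test(input);
  return { matched, ms: performance.now() - start };
}

// Demo: a valid line matches; the malformed line is rejected by both, but the
// vulnerable pattern takes roughly 2^20 retries to say so.
const goodLine = "import { string, number } from 'prop-types';";
console.log('valid import matches:', isPropTypesNamedImport(goodLine));
const badLine = pathologicalLine(20);
console.log('vulnerable pattern:', measureMs(VULNERABLE_IMPORT_RE, badLine));
console.log('linear pattern:   ', measureMs(SAFE_IMPORT_RE, badLine));
```

Raising `n` in `pathologicalLine` by one roughly doubles the vulnerable pattern's time while the linear one stays flat; that growth curve, not the absolute number, is the ReDoS signal to look for when reviewing a pattern.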
Dependencies:
- We regularly audit dependencies for vulnerabilities
- Dependencies are automatically updated for security patches
- We run `pnpm audit` in our CI pipeline
Input validation:
- File paths are validated to prevent directory traversal
- File content is sanitized to prevent code injection
- Command-line arguments are properly escaped
When using move-prop-types:
- Backup First: Always backup your codebase before transformation
- Review Changes: Inspect all modifications before committing
- Test Thoroughly: Run your test suite after transformation
- Trusted Sources: Only run on code you trust
When contributing to move-prop-types:
- Input Validation: Validate all user inputs
- Safe Defaults: Use secure defaults for all operations
- Error Handling: Don't expose sensitive information in error messages
- Dependencies: Keep dependencies updated and audited
Before each release, we verify:
- All dependencies are up to date
- No known vulnerabilities in dependencies
- Input validation is comprehensive
- File operations are safe and contained
- Error messages don't leak sensitive information
- Regular expressions are tested for ReDoS
- Code has been reviewed for security issues
When we receive security reports:
- Assessment: We evaluate the severity and impact
- Fix Development: We develop and test a fix
- Coordinated Disclosure: We work with reporters on timing
- Release: We release patches and security advisories
- Communication: We notify users through appropriate channels
For security-related questions or concerns:
- Security Issues: Use GitHub Security Advisory
- General Security Questions: Open a regular GitHub issue
- Urgent Matters: Contact repository maintainers directly
We appreciate responsible disclosure and will:
- Credit security researchers (with permission)
- Provide details in our security advisories
- Consider security contributions for special recognition
Thank you for helping keep move-prop-types secure!