Security: zap-studio/monorepo

.github/SECURITY.md

Security Policy

Supported Versions

Zap Studio packages follow Semantic Versioning (SemVer). Only the latest major version of each package (@zap-studio/fetch, @zap-studio/waitlist, @zap-studio/webhooks) is officially maintained.

We strongly recommend keeping your dependencies up to date to benefit from all new features, improvements, and security patches. Older major versions are not maintained or patched.

Reporting a Vulnerability

If you discover a security vulnerability in any Zap Studio package or documentation, please report it privately to avoid potential abuse before a fix is available.

How to report

  • Email: [email protected]
  • Please include:
    • A clear description of the vulnerability
    • The affected package(s) and version(s)
    • Steps to reproduce
    • Impact assessment (if known)
    • A proposed fix (optional but appreciated)

We aim to acknowledge all reports. Critical issues may be prioritized.

Scope

This policy applies to:

  • The @zap-studio/fetch package
  • The @zap-studio/waitlist package
  • The @zap-studio/webhooks package
  • The documentation hosted at zapstudio.dev

This policy does not apply to:

  • Projects using Zap Studio packages (these are user projects)
  • Third-party dependencies

Additional Notes

  • Contributions are welcome, but please avoid submitting vulnerabilities through public pull requests.
  • We recommend auditing your projects periodically, especially before deploying to production.

Thank you for helping keep Zap Studio packages secure.

There aren’t any published security advisories