This security policy applies to all repositories under the @tarampampam GitHub account.

If you discover a security vulnerability in any project maintained under this account:
- Preferred: Send a detailed report via email to [email protected]
- Alternatively: Use GitHub’s private security advisory form for the affected repository

Please do not create public issues or pull requests that include details of the vulnerability.

Your report should include:
- A clear description of the vulnerability and its potential impact
- Steps to reproduce or proof of concept, if available
- Any known mitigations or temporary workarounds

All security reports are handled through responsible disclosure:
- Vulnerabilities must be reported privately before public disclosure
- I aim to acknowledge your report within one week
- Once verified, I will work to reproduce, fix, and release an update as soon as practical
- Public disclosure will occur only after a fix or mitigation is available, unless otherwise agreed upon

This policy covers:
- All public and private repositories under the @tarampampam GitHub account
- Source code, build configurations, and deployment artifacts published in these repositories

Out of scope:
- Security issues in third-party dependencies. Such vulnerabilities should be reported upstream to the original maintainers.

Your contributions help keep this software ecosystem secure and reliable - thank you.