We provide security updates for the following versions of EnvGuard:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take security vulnerabilities very seriously. If you discover a security issue in EnvGuard, we appreciate your help in disclosing it to us in a responsible manner.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please send an email to judextine28@gmail.com with the subject line "[SECURITY] Vulnerability Report".
- We will acknowledge receipt of your report within 48 hours
- We will keep you informed about the progress of the fix
- We will credit you in our security advisories (unless you prefer to remain anonymous)
- We aim to provide a fix within 30 days of the report

- Always keep your VS Code and EnvGuard extension up to date
- Review and customize the default patterns in your settings
- Be cautious when sharing your screen or recording your development environment
- Use environment-specific .env files (e.g., .env.development, .env.production)
- Never commit .env files to version control
- Follow the principle of least privilege
- Use secure coding practices
- Keep dependencies up to date
- Review all third-party code before integration
- Use environment variables for all sensitive configuration
Security updates will be released as patch versions (e.g., 1.0.0 → 1.0.1). We recommend always using the latest version of EnvGuard.
Security advisories will be published on our GitHub Security Advisories page.
We currently do not have a formal bug bounty program, but we may offer rewards for significant security reports at our discretion.
By submitting a security report, you agree to the following:
- You give us permission to use your report for the purpose of improving security
- You will not publicly disclose the vulnerability until we've had time to address it
- You make a good faith effort to avoid privacy violations, data destruction, and service interruption during your testing