We take security seriously and appreciate your efforts to make Smash-Node-Lib and the Smash Protocol safer for everyone. This document outlines the supported versions and provides guidance on reporting vulnerabilities.
Smash-Node-Lib is currently in the v0.0.0-alpha release and is not yet supported for production use.
| Version | Supported? |
|---|---|
| 0.0.0 | ❌ Not Supported |
Future versions will have explicit support policies.
If you discover a security issue, we encourage you to report it promptly. Here's how to report a vulnerability:
-
Email Us: Send details of the vulnerability to our security team at security@smashchats.com.
-
Provide Detailed Information: Include the following in your report:
- A detailed description of the vulnerability.
- Steps to reproduce the issue.
- Potential impact and any known mitigation.
- Your contact information (optional).
-
Response Timeline:
- We will acknowledge your report within 2 business days.
- We will investigate the issue and respond with our findings and next steps within 5 business days.
-
Coordinated Disclosure:
- To protect users, we request you not disclose the vulnerability publicly until we have resolved the issue.
While the library is in alpha, we recommend the following precautions:
- Development Only: Avoid using the library in production environments.
- Stay Updated: Always use the latest version of the library.
- Review Dependencies: Check third-party dependencies for vulnerabilities regularly.
For any other security-related concerns, please contact us at security@smashchats.com.
Thank you for helping make Smash-Node-Lib secure!