If you discover a security vulnerability in TestingBot CLI, please report it responsibly.
Please report security vulnerabilities by emailing [email protected] or by opening a GitHub Security Advisory.
When reporting a vulnerability, please include:
- Description — A clear description of the vulnerability and its potential impact
- Steps to Reproduce — Detailed steps to reproduce the issue
- Affected Versions — Which versions of the CLI are affected
- Public Disclosure — Whether the vulnerability has been publicly disclosed elsewhere
- We will acknowledge your report within 48 hours
- We will provide an initial assessment within 1 week
- We will work with you to understand and resolve the issue
- We will notify you when the vulnerability has been fixed
We kindly ask that you:
- Do not publicly disclose the vulnerability until we have had a chance to address it
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
- Do provide us reasonable time to fix the issue before any public disclosure
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
Security updates will be released as patch versions and announced through:
- GitHub Security Advisories
- npm package updates
Thank you for helping keep TestingBot CLI and its users safe!