This project follows a patched-only dependency policy.

| Component | Supported |
|---|---|
| Next.js | Latest patched stable release |
| React | Latest patched stable release |
| Node.js | LTS versions only (18.x, 20.x) |

Experimental, canary, or unpatched versions are not supported.

If you discover a security vulnerability, please do not open a public issue.
Instead, report it responsibly using one of the following methods:

- Open a Private GitHub Security Advisory
- Contact the maintainers through a private channel if available

We aim to review valid reports as quickly as possible.

This project follows these security principles:

- Uses patched, stable versions of core dependencies
- Avoids experimental or canary releases in production
- Commits lockfiles to ensure reproducible builds
- Runs dependency audits before deployment
- Validates all user inputs
- Protects server-side actions with authentication and authorization
- Verifies webhook signatures
- Does not expose secrets to the client

The following are considered out of scope:

- Denial of service via excessive traffic
- Social engineering attacks
- Vulnerabilities in third-party services outside this repository

Thank you for helping keep this project secure.