We take security seriously at Tuteliq. If you discover a security vulnerability in this SDK, please report it responsibly.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please send an email to:

📧 security@tuteliq.ai

Include the following information:

1. Description of the vulnerability
2. Steps to reproduce the issue
3. Potential impact of the vulnerability
4. Suggested fix (if any)

• Acknowledgment: Within 48 hours of your report
• Initial assessment: Within 5 business days
• Resolution timeline: Depends on severity, typically within 30 days
• Credit: We'll credit you in the security advisory (unless you prefer anonymity)

When using the Tuteliq SDK:

// ✅ Good - Use environment variables
const tuteliq = new Tuteliq(process.env.TUTELIQ_API_KEY)

// ❌ Bad - Never hardcode API keys
const tuteliq = new Tuteliq('sk_live_abc123...')

// ✅ Good - Use SDK on the server
// API route handler
app.post('/analyze', async (req, res) => {
  const result = await tuteliq.analyze(req.body.content)
  res.json(result)
})

// ❌ Bad - Never expose API key in client-side code
// This exposes your API key to all users!

The SDK validates inputs, but always sanitize user content:

// ✅ Good - Sanitize before sending
const sanitized = sanitizeInput(userContent)
const result = await tuteliq.analyze(sanitized)

This SDK includes several security measures:

1. Locked API endpoint - Cannot be redirected to malicious servers
2. Input validation - Content length and message count limits
3. API key validation - Minimum length and type checks
4. Timeout protection - Prevents hanging requests
5. No secrets in errors - Error messages don't leak sensitive data

We thank the following security researchers for responsibly disclosing vulnerabilities:

No vulnerabilities reported yet.

Tuteliq AB Stockholm, Sweden tuteliq.ai