| Version | Supported |
|---|---|
| 3.x | ✅ |
| 2.x | ❌ |
| < 2.0 | ❌ |
Please do not report security vulnerabilities through public GitHub issues.
Instead, please email me@erdem.work with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Resolution: Depending on severity, typically within 30 days
- Confirmation that we received your report
- Assessment of the vulnerability
- Regular updates on our progress
- Credit in the release notes (if desired)
This policy applies to the Strime core library (strime npm package).
Third-party dependencies are outside the scope of this policy, but we will coordinate with upstream maintainers when relevant.