
Security: requestbin/curlconverter

Security Policy

🔒 Supported Versions

We actively support the latest version of cURL Converter:

| Version | Supported |
|---------|-----------|
| 1.x.x   | ✅        |
| < 1.0   | ❌        |

πŸ›‘οΈ Security Features

Client-Side Processing

All cURL parsing and code generation happens entirely in your browser. We:

  • ✅ Never send your cURL commands to our servers
  • ✅ Never store your data anywhere
  • ✅ Never track individual requests or conversions
  • ✅ Use local JavaScript execution only

Data Privacy

  • No cookies beyond essential functionality
  • No third-party analytics (unless explicitly configured)
  • No user accounts or authentication required
  • No personal data collection

Browser Security

  • All external links use rel="noopener noreferrer"
  • Content Security Policy headers configured
  • HTTPS-only in production
  • No inline scripts in production build

🚨 Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability, please:

✅ DO:

  1. Email us directly at: security@requestbin.net
  2. Provide details:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)
  3. Give us time to respond (48-72 hours)
  4. Wait for confirmation before public disclosure

❌ DON'T:

  • Don't open a public GitHub issue for security vulnerabilities
  • Don't share details publicly before we've addressed it
  • Don't exploit the vulnerability beyond proof-of-concept testing

📞 Response Timeline

| Stage               | Timeline                        |
|---------------------|---------------------------------|
| Initial Response    | Within 48 hours                 |
| Triage & Assessment | Within 1 week                   |
| Fix Development     | 2-4 weeks (depends on severity) |
| Public Disclosure   | After fix is deployed           |

πŸ† Recognition

We appreciate security researchers who help us keep our users safe. With your permission, we'll:

  • Credit you in our changelog
  • Mention you in the fix commit
  • Add you to our security acknowledgments

πŸ” Security Best Practices

If you're self-hosting or forking this project:

Environment Variables

  • Never commit .env files
  • Use .env.example as a template
  • Rotate secrets regularly

Dependencies

```bash
# Check for vulnerabilities
npm audit

# Fix vulnerabilities
npm audit fix

# Update dependencies
npm update
```

Build Security

  • Use official Node.js versions only
  • Verify package integrity with lock files
  • Enable Dependabot alerts (GitHub)

Deployment

  • Use HTTPS only (no HTTP)
  • Configure security headers:
    • X-Content-Type-Options: nosniff
    • X-Frame-Options: DENY
    • Content-Security-Policy
    • Strict-Transport-Security
  • Keep deployment platform updated
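
A self-hosted deployment can be checked against the header list above with a small audit function. This is an added example, not code from the curlconverter project; the function name `auditSecurityHeaders`, the HSTS `max-age` floor and the rule that the CSP must not permit inline scripts (taken from the "No inline scripts in production build" item) are assumptions of the example.

```javascript
// Added example, not project code. Header names and the "nosniff"/"DENY" values
// are from the list above; MIN_HSTS_MAX_AGE and the inline-script rule are
// assumptions of this example.
const MIN_HSTS_MAX_AGE = 15552000; // 180 days (assumed floor)

function auditSecurityHeaders(rawHeaders) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = new Map(Object.entries(rawHeaders)
    .map(([name, value]) => [name.toLowerCase(), String(value).trim()]));
  const findings = [];

  if ((h.get('x-content-type-options') || '').toLowerCase() !== 'nosniff') {
    findings.push('X-Content-Type-Options is not "nosniff"');
  }
  if ((h.get('x-frame-options') || '').toUpperCase() !== 'DENY') {
    findings.push('X-Frame-Options is not "DENY"');
  }
  const hsts = h.get('strict-transport-security') || '';
  const maxAge = /(?:^|;)\s*max-age\s*=\s*"?(\d+)/i.exec(hsts);
  if (!maxAge || Number(maxAge[1]) < MIN_HSTS_MAX_AGE) {
    findings.push('Strict-Transport-Security is missing or max-age is too short');
  }
  const csp = h.get('content-security-policy');
  if (!csp) {
    findings.push('Content-Security-Policy is missing');
    return findings;
  }
  // Split into directives; the first occurrence of a directive wins.
  const directives = new Map();
  for (const part of csp.split(';')) {
    const [name, ...values] = part.trim().toLowerCase().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, values);
  }
  // script-src falls back to default-src when it is absent.
  const scriptSrc = directives.get('script-src') || directives.get('default-src');
  if (!scriptSrc) {
    findings.push('CSP has neither script-src nor default-src');
  } else if (scriptSrc.includes("'unsafe-inline'") &&
             !scriptSrc.some((v) => /^'(nonce-|sha(256|384|512)-)/.test(v))) {
    // Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
    findings.push("CSP allows inline scripts via 'unsafe-inline'");
  }
  return findings;
}

// Constructed sample: a response that gets every one of the four headers wrong.
const SAMPLE = { 'X-Frame-Options': 'SAMEORIGIN', 'Content-Security-Policy': "default-src 'self' 'unsafe-inline'" };
console.log(auditSecurityHeaders(SAMPLE));
```

Pass it the response headers of the deployed site as a plain object; an empty array means all four headers are present with acceptable values.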

📚 Additional Resources

📧 Contact

For security-related inquiries:

For general questions, use GitHub Discussions.


Last Updated: November 29, 2025

There aren't any published security advisories