# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 1.x.x | :white_check_mark: |
| < 1.0 | :x: |
## Reporting a Vulnerability
We take security seriously. If you discover a security vulnerability, please follow these steps:
### Private Disclosure
**DO NOT** open a public issue for security vulnerabilities.
Instead, please report security issues via:
1. **GitHub Security Advisory**: [Report a vulnerability](../../security/advisories/new)
2. **Email**: security@yourdomain.com
### What to Include
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
### Response Timeline
- **Initial response**: Within 48 hours
- **Status update**: Within 7 days
- **Fix timeline**: Depends on severity
  - Critical: 24-48 hours
  - High: 7 days
  - Medium: 30 days
  - Low: 90 days
### Recognition
We appreciate responsible disclosure and may:
- Credit you in release notes
- Add you to our security acknowledgments
- Provide bug bounties (where applicable)
## Security Best Practices
When using this project:
1. **Keep dependencies updated**: Run `npm audit` regularly
2. **Use environment variables**: Never hardcode secrets
3. **Enable 2FA**: Protect your GitHub account
4. **Review code**: Always review third-party contributions
Thank you for helping keep our project secure! 🛡️