Thank you for taking the time to help improve the security of webdev-power-kit. We take all reports of potential vulnerabilities seriously and are committed to keeping this toolkit safe and trustworthy for developers.
If you discover a security vulnerability, please report it privately and responsibly by emailing:
π§ contact via mail
Please include:
- A clear description of the issue
- Steps to reproduce it (if applicable)
- Any potential impact it might cause
We will acknowledge your report within 2 business days and work on a fix promptly. Public disclosure should only occur after the issue has been resolved and released.
This project interacts with several browser APIs and user-facing behaviors. Security concerns may include (but are not limited to):
- Abuse of clipboard or geolocation APIs
- Insecure handling of data in local/session storage
- Incorrect permission checks for browser APIs
- Exposure of sensitive information
- Denial-of-service (DoS) vulnerabilities
We follow responsible disclosure practices and encourage researchers to:
- Avoid intentionally harming user data or devices
- Avoid accessing unnecessary or excessive data
- Never publicly disclose without coordination
All valid reports are appreciated and your efforts may be credited in release notes or the acknowledgments section.
We build with security in mind:
- No 3rd-party tracking or analytics libraries
- All utilities follow the principle of least privilege
- Only access browser APIs when explicitly called
- Secure-by-default with proper error handling
We appreciate your contribution to making webdev-power-kit a secure and developer-friendly package.
For general issues or feature suggestions, please use GitHub Issues: π https://github.com/dev-aditya-lab/webdev-power-kit/issues