Skip to content

Security: CMolG/onboarding-tools

Security

SECURITY.md

Security Policy

Supported Versions

Only the latest minor release receives security updates while the package sits on the 0.x line. Once we ship 1.0, the previous minor will continue to receive critical patches for six months.

Reporting a Vulnerability

Please do not open a public GitHub issue for security problems. Instead, report them privately to the maintainer email listed in package.json.

When reporting, include:

  • A clear description of the issue and its impact.
  • Steps to reproduce, ideally with a minimal repository or snippet.
  • Affected versions of onboarding-tools and React.
  • Any suggested mitigation.

We will acknowledge your report within 72 hours, agree on a disclosure timeline, and credit you in the release notes unless you prefer to remain anonymous.

There aren't any published security advisories