Skip to content

Latest commit

 

History

History
39 lines (25 loc) · 1.02 KB

File metadata and controls

39 lines (25 loc) · 1.02 KB

Security Policy

Security Posture

This repository is intentionally dependency-zero for its initial release.

It uses only local Node.js built-ins and does not require:

  • npm package installation,
  • PyPI package installation,
  • third-party CLI tools,
  • GitHub Actions,
  • containers,
  • browser extensions,
  • live API keys,
  • network calls.

Reporting Issues

Use GitHub Security Advisories where available. Do not attach private system paths, credentials, client data, production logs, or non-public implementation details to public reports.

Dependency Policy

No dependency may be added without a written security review. See docs/supply-chain-policy.md.

Data Policy

The repository uses synthetic examples only. It must not include client data, private source snippets, real schemas, production logs, account data, private deployment details, or credential material.

Local Execution

Expected local commands:

node --test
node scripts/redaction-scan.js

Both commands use only local files and Node built-ins.