
@nguyennhuy/zalo-api


Unofficial Zalo API for JavaScript

# Security Policy

## Supported Versions

We actively maintain and provide security updates for the following versions:

| Version | Supported          |
| ------- | ------------------ |
| 2.0.x   | :white_check_mark: |
| 1.x.x   | :x:                |
| < 1.0   | :x:                |

## Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security vulnerability in zca-js, please follow these steps:

### 1. **DO NOT** create a public GitHub issue

Security vulnerabilities should be reported privately to prevent potential exploitation.

### 2. Report the vulnerability

Send an email to the maintainers with the following information:

- **Subject**: `[SECURITY] zca-js vulnerability report`
- **Description**: Detailed description of the vulnerability
- **Steps to reproduce**: Clear steps to reproduce the issue
- **Impact assessment**: Potential impact of the vulnerability
- **Suggested fix** (if available): Any suggestions for fixing the issue

### 3. Response timeline

- **Initial response**: Within 48 hours
- **Status update**: Within 1 week
- **Resolution**: As soon as possible, typically within 30 days

## Security Considerations

### Important Warnings

⚠️ **This is an unofficial API library** that simulates browser interactions with Zalo Web. Please be aware of the following security considerations:

1. **Account Risk**: Using this API may result in your Zalo account being locked or banned. Use at your own risk.
2. **Authentication**: The library handles sensitive authentication data. Ensure proper security measures when storing or transmitting this information.
3. **Rate Limiting**: Respect Zalo's rate limits to avoid triggering security measures.
4. **Data Privacy**: Be mindful of user privacy and comply with relevant data protection regulations.

### Best Practices

1. **Environment Variables**: Store sensitive configuration in environment variables, not in code
2. **HTTPS Only**: Always use HTTPS when transmitting data
3. **Input Validation**: Validate all inputs before processing
4. **Error Handling**: Implement proper error handling to avoid information disclosure
5. **Regular Updates**: Keep the library updated to the latest version

### Known Limitations

- This library is not officially supported by Zalo
- API endpoints and behavior may change without notice
- No guarantee of service availability or stability
- May break with Zalo Web updates

## Security Updates

Security updates will be released as patch versions (e.g., 2.0.1, 2.0.2) and will be clearly marked in the changelog.

## Contact Information

For security-related issues, please contact:

- **GitHub Issues**: Create a private issue with the `[SECURITY]` label
- **GitHub Discussions**: Use the "Security" category for general security questions
- **Team Members**:
  - [@RFS-ADRENO](https://github.com/RFS-ADRENO)
  - [@truong9c2208](https://github.com/truong9c2208)
  - [@JustKemForFun](https://github.com/JustKemForFun)
- **Alternative**: Contact any team member through GitHub for urgent security matters

## Acknowledgments

We appreciate security researchers and community members who responsibly disclose vulnerabilities. Contributors will be acknowledged in our security advisories unless they prefer to remain anonymous.

---

**Note**: This security policy is subject to change. Please check back regularly for updates.