UNPKG

@rbac/rbac

Version:

Blazing Fast, Zero dependency, Hierarchical Role-Based Access Control for Node.js

github.com/phellipeandrade/rbac

phellipeandrade/rbac

61 lines (42 loc) 2.49 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# Security Policy ## Supported Versions The following versions of **@rbac/rbac** receive security updates and fixes. Only actively maintained releases will be patched in the event of a confirmed security issue. | Version | Supported | | ------- | --------- | | 2.1.x | yes | | 2.0.x | limited | | < 2.0 | no | - **2.1.x** is the current latest release on npm and is actively published. :contentReference[oaicite:1]{index=1} - **2.0.x** is an older release but may receive critical fixes at maintainers’ discretion. :contentReference[oaicite:2]{index=2} - Versions **below 2.0** are no longer maintained and are not eligible for security backports. :contentReference[oaicite:3]{index=3} ## Reporting a Vulnerability We take security issues seriously and encourage responsible disclosure. If you believe you have found a security vulnerability in this project, please follow the process below: ### How to Report 1. **Create a GitHub Issue with the `security` label** in the repository: https://github.com/phellipeandrade/rbac/issues 2. In the issue, include: - A clear description of the issue. - Steps to reproduce the issue. - Minimal reproduction code if applicable. - Affected version(s) (as specified in Supported Versions). ### What to Expect - You will receive an acknowledgement of your report within **5 business days**. - A core maintainer will evaluate the report and may request additional details. - If the issue is confirmed, the maintainers will: - Coordinate a fix. - Publish a patched release for supported versions. - Update this policy if needed. - You will be kept informed of progress via the GitHub issue. ### Confidentiality Please **do not publish or disclose details publicly** until a fix is available and communicated by project maintainers. ## Security Fix Backporting Security patches for confirmed vulnerabilities will be backported to supported versions when feasible. Unsupported versions will not receive patches. ## Disclosure Timeline | Stage | Target Duration | | --------------------------- | ---------------------- | | Acknowledgement of report | ≤ 5 business days | | Initial triage | ≤ 10 business days | | Fix coordination & release | Varies by severity | ## Contact For security reports and coordination, open an issue with the `security` label on the repository: https://github.com/phellipeandrade/rbac/issues