cardano-uri-parser

A modular, type-safe Cardano URI parser supporting CIP-13, claim, stake, browse, and future authorities.

# Security Policy

## 📅 Supported Versions

We release updates and security patches for the latest major version of `cardano-uri-parser`.

| Version | Supported |
|---------|-----------|
| 1.x.x   | Yes       |

---

## 🚨 Reporting a Vulnerability

If you discover a security vulnerability in `cardano-uri-parser`:

1️⃣ **DO NOT** open a public GitHub issue.

2️⃣ Instead, email:
**Adam Dean**
adam@crypto2099.io

Please include:

- A detailed description of the vulnerability
- Steps to reproduce (if applicable)
- Any relevant logs, stack traces, or code

---

## 🔒 Security Process

Upon receiving a report, we will:

- Investigate and verify the vulnerability
- Determine the scope and impact
- Provide a fix as soon as possible
- Credit you (if desired) when the fix is published

We are committed to working with the community to ensure the safety and integrity of this project.

---

## 🛡️ Security Release Checklist

1️⃣ **Triage vulnerability**

- [ ] Review the report privately (via email, not public issues).
- [ ] Confirm if the reported issue is valid.
- [ ] Assess severity (low, medium, high, critical).
- [ ] Determine if the vulnerability affects only this repo or other dependencies.

2️⃣ **Prepare patch**

- [ ] Create a private fix branch.
- [ ] Write tests covering the vulnerability.
- [ ] Verify patch with high test coverage.

3️⃣ **Coordinate release**

- [ ] Notify key dependents (if any) under embargo (optional, for critical vulnerabilities).
- [ ] Prepare a release changelog with **security notice** (e.g., “CVE-xxxx-xxxx” if applicable).
- [ ] Bump **patch version** (e.g., `1.0.3 → 1.0.4`).

4️⃣ **Publish fix**

- [ ] Merge to `main`.
- [ ] Let GitHub Actions handle build + publish.
- [ ] Publish a **GitHub security advisory** (optional, for CVEs).

5️⃣ **Post-release**

- [ ] Thank the reporter (credit them if they wish).
- [ ] Monitor for regressions or follow-up reports.

---

🙏 Thank you for helping keep the Cardano ecosystem and developer tools secure!