UNPKG

geothai

Version:

An npm package for Node.js to access detailed geographic data on Thailand, including provinces, districts, subdistricts, and postal code. 🌟

51 lines (30 loc) 2.83 kB
# Security Policy ## Reporting Security Vulnerabilities If you discover a security vulnerability in the **GeoThai** npm package, please follow these guidelines to report it responsibly: 1. **Do Not Open Public Issues**: Please do not disclose security vulnerabilities publicly, as this can put users at risk. Instead, report vulnerabilities privately. 2. **Email Us Directly**: Send a detailed report to [contact@fasu.dev](mailto:contact@fasu.dev). Include the following information: - A description of the vulnerability. - Steps to reproduce the issue. - Any potential impact or exploit scenarios. - Proof of concept or sample code, if applicable. 3. **Follow Up**: We will acknowledge your report within 48 hours and provide an estimated timeline for resolution. We will work with you to understand the issue and address it as quickly as possible. ## Responsible Disclosure To ensure a coordinated and responsible disclosure, please follow these practices: - **Do Not Exploit**: Avoid exploiting the vulnerability or using it in a way that could cause harm to users or systems. - **Private Disclosure**: Wait for us to release a fix before disclosing the vulnerability publicly. - **Collaborate**: Provide any additional information or assistance that may help us address the issue. ## Security Updates - **Patch Releases**: Security updates will be released as soon as possible. We will publish updates and advisories on our GitHub repository and notify users of critical patches. - **Versioning**: All security fixes will be included in patch releases. Please keep your package up to date to ensure you have the latest security patches. ## Security Practices We take security seriously and follow best practices to protect our codebase and users: - **Code Reviews**: All changes to the codebase are reviewed by multiple maintainers to catch potential security issues. - **Automated Testing**: We use automated testing tools to identify vulnerabilities and ensure the security of our package. - **Zero Dependencies**: The **GeoThai** package has no external dependencies, reducing the risk of vulnerabilities introduced through third-party code. ## Additional Resources For more information on security practices and responsible disclosure, you may refer to the following resources: - [OWASP Security Guide](https://owasp.org/www-project-top-ten/) - [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories) ## Contact If you have any questions or need further assistance regarding security, please reach out to us at [contact@fasu.dev](mailto:contact@fasu.dev). Thank you for helping us keep **GeoThai** secure. Your vigilance and cooperation are greatly appreciated. 🙏