geothai
Version:
An npm package for Node.js to access detailed geographic data on Thailand, including provinces, districts, subdistricts, and postal code. 🌟
51 lines (30 loc) • 2.83 kB
Markdown
# Security Policy
## Reporting Security Vulnerabilities
If you discover a security vulnerability in the **GeoThai** npm package, please follow these guidelines to report it responsibly:
1. **Do Not Open Public Issues**: Please do not disclose security vulnerabilities publicly, as this can put users at risk. Instead, report vulnerabilities privately.
2. **Email Us Directly**: Send a detailed report to [contact@fasu.dev](mailto:contact@fasu.dev). Include the following information:
- A description of the vulnerability.
- Steps to reproduce the issue.
- Any potential impact or exploit scenarios.
- Proof of concept or sample code, if applicable.
3. **Follow Up**: We will acknowledge your report within 48 hours and provide an estimated timeline for resolution. We will work with you to understand the issue and address it as quickly as possible.
## Responsible Disclosure
To ensure a coordinated and responsible disclosure, please follow these practices:
- **Do Not Exploit**: Avoid exploiting the vulnerability or using it in a way that could cause harm to users or systems.
- **Private Disclosure**: Wait for us to release a fix before disclosing the vulnerability publicly.
- **Collaborate**: Provide any additional information or assistance that may help us address the issue.
## Security Updates
- **Patch Releases**: Security updates will be released as soon as possible. We will publish updates and advisories on our GitHub repository and notify users of critical patches.
- **Versioning**: All security fixes will be included in patch releases. Please keep your package up to date to ensure you have the latest security patches.
## Security Practices
We take security seriously and follow best practices to protect our codebase and users:
- **Code Reviews**: All changes to the codebase are reviewed by multiple maintainers to catch potential security issues.
- **Automated Testing**: We use automated testing tools to identify vulnerabilities and ensure the security of our package.
- **Zero Dependencies**: The **GeoThai** package has no external dependencies, reducing the risk of vulnerabilities introduced through third-party code.
## Additional Resources
For more information on security practices and responsible disclosure, you may refer to the following resources:
- [OWASP Security Guide](https://owasp.org/www-project-top-ten/)
- [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)
## Contact
If you have any questions or need further assistance regarding security, please reach out to us at [contact@fasu.dev](mailto:contact@fasu.dev).
Thank you for helping us keep **GeoThai** secure. Your vigilance and cooperation are greatly appreciated. 🙏