UNPKG

scaffold-scripts

Version:

Simple CLI tool for managing and running your own scripts. Add any script, run it anywhere.

github.com/ChrisColeTech/scaffold-scripts

ChrisColeTech/scaffold-scripts

65 lines (44 loc) 2.08 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# Security Policy ## Supported Versions We actively support the following versions with security updates: | Version | Supported | | ------- | ------------------ | | 3.x.x | :white_check_mark: | | 2.x.x | :x: | | 1.x.x | :x: | ## Reporting a Vulnerability We take security seriously. If you discover a security vulnerability, please follow these steps: ### Private Disclosure 1. **Do not** create a public GitHub issue for security vulnerabilities 2. Email security details to: [INSERT_EMAIL] or use GitHub's private vulnerability reporting 3. Include as much detail as possible about the vulnerability 4. Allow us reasonable time to respond before any public disclosure ### What to Include When reporting a vulnerability, please include: - Description of the vulnerability - Steps to reproduce the issue - Potential impact - Suggested fix (if any) - Your contact information ### Response Timeline - **Initial Response**: Within 48 hours - **Status Update**: Within 1 week - **Fix Timeline**: Varies based on complexity, but we aim for 30 days maximum ### Security Best Practices When using Scaffold Scripts: 1. **Script Validation**: Always review scripts before adding them to your library 2. **Source Trust**: Only add scripts from trusted sources 3. **Permissions**: Be aware that scripts run with your user permissions 4. **Regular Updates**: Keep the package updated to the latest version ### Known Security Considerations - Scripts execute with the same permissions as the user running them - Scripts can access environment variables and system resources - Automatic script conversion between platforms should be reviewed before execution - Interactive input handling may expose sensitive information in logs ## Security Features Scaffold Scripts includes several security features: - Script validation before execution - Platform-specific security warnings - Controlled execution environment - No automatic script downloads or remote execution For questions about security, please contact the maintainers.