Security: nirholas/plugin.delivery

Security

SECURITY.md

Security Policy

Supported Versions

Version    Supported
1.x.x      ✅ Active support
< 1.0      ❌ No support

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability in Plugin Delivery or any SperaxOS component:

Do NOT

  • Open a public GitHub issue
  • Post about it on social media
  • Exploit the vulnerability

Do

  1. Email: Send details to [email protected]
  2. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Any suggested fixes

Response Timeline

  • 24 hours: Initial acknowledgment
  • 72 hours: Preliminary assessment
  • 7 days: Detailed response with fix timeline
  • 30 days: Public disclosure (coordinated)

Scope

This policy covers:

  • @sperax/plugin-sdk
  • @sperax/chat-plugins-gateway
  • plugin.delivery website
  • Official SperaxOS plugins

Out of Scope

  • Third-party plugins
  • Vulnerabilities in dependencies (report to upstream)
  • Social engineering attacks

Security Best Practices for Plugin Developers

Manifest Security

Always use HTTPS for API URLs:

{
  "api": [
    {
      "url": "https://your-secure-api.com/endpoint"
    }
  ]
}
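One way to enforce the HTTPS rule for manifest API URLs before a plugin is published, as an added example that is not part of the original SECURITY.md or the SperaxOS code base. Only the "api": [{ "url": ... }] shape comes from the manifest above; the function name, the issue messages and the sample manifest are assumptions, and the check goes one step further than the rule by also flagging URLs that embed credentials.

```javascript
// Added example: pre-publish check that every manifest API URL uses HTTPS.
// findInsecureApiUrls and its issue strings are hypothetical names.
function findInsecureApiUrls(manifest) {
  const issues = [];
  const entries = manifest && manifest.api;
  // Assumption: a manifest always lists its endpoints under "api".
  if (!Array.isArray(entries)) {
    return ["manifest.api is missing or not an array"];
  }
  entries.forEach((entry, i) => {
    const where = `api[${i}].url`;
    const raw = entry && entry.url;
    if (typeof raw !== "string" || raw.trim() === "") {
      issues.push(`${where}: missing or not a string`);
      return;
    }
    let parsed;
    try {
      // No base URL is passed, so relative paths throw instead of resolving.
      parsed = new URL(raw);
    } catch {
      issues.push(`${where}: not an absolute URL`);
      return;
    }
    // The WHATWG parser lowercases the scheme, so "HTTPS://" passes here.
    if (parsed.protocol !== "https:") {
      issues.push(`${where}: scheme ${parsed.protocol} is not https:`);
    }
    // Credentials in the URL would be visible to anyone who reads the manifest.
    if (parsed.username || parsed.password) {
      issues.push(`${where}: URL embeds credentials`);
    }
  });
  return issues;
}

// Constructed sample manifest, not taken from a real plugin.
const sampleManifest = {
  api: [
    { url: "https://your-secure-api.com/endpoint" },
    { url: "http://your-secure-api.com/endpoint" },
    { url: "/endpoint" },
    { url: "https://user:token@your-secure-api.com/endpoint" },
  ],
};

console.log(findInsecureApiUrls(sampleManifest));
```

An empty result means every listed URL is absolute, uses HTTPS and carries no credentials; a non-empty result can fail the build.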

API Security

  • Validate all inputs
  • Use rate limiting
  • Implement proper CORS
  • Never expose secrets in client-side code

Data Handling

  • Don't store sensitive user data
  • Use encryption for any stored data
  • Follow data minimization principles

Thank you for helping keep SperaxOS secure! 🛡️

There aren’t any published security advisories