Thank you for helping to keep PWA Generator secure! We take the security of our project seriously and appreciate your efforts in responsibly disclosing any vulnerabilities you may find.
Currently, PWA Generator is in pre-release. The latest version is 0.4.0. While we appreciate security reports for all versions, we prioritize addressing vulnerabilities found in the latest release.
If you discover a security vulnerability in PWA Generator, please report it to us responsibly. Do not publicly disclose the vulnerability until we have had a chance to investigate and address it.
To report a vulnerability, please follow these steps:
- Private Disclosure: Send an email to [email protected]. This allows us to coordinate a fix before the vulnerability is publicly known, minimizing potential harm.
- Information to Include: In your report, please provide the following information to help us understand and reproduce the vulnerability:
  - Description of the vulnerability: A clear and concise explanation of the security issue.
  - Steps to reproduce: Detailed steps on how to reproduce the vulnerability. This may include specific input values, configurations, or actions.
  - Affected versions: The specific version(s) of PWA Generator affected by the vulnerability.
  - Potential impact: A description of the potential impact of the vulnerability, including any possible consequences for users.
  - Proof of concept (if available): If possible, provide a proof-of-concept exploit or demonstration of the vulnerability. This can significantly aid in our investigation.
- Our Response: We will acknowledge receipt of your report within [Number] business days and will work to investigate and address the vulnerability as quickly as possible. We will keep you updated on our progress.
We encourage responsible disclosure of security vulnerabilities. This means:
- Private reporting: Reporting the vulnerability to us privately first.
- Giving us reasonable time to respond: Allowing us a reasonable timeframe to investigate and address the vulnerability before public disclosure.
- Avoiding public disclosure before a fix is available: Refraining from publicly disclosing the vulnerability until a fix has been released or we have provided a coordinated disclosure plan.
This security policy applies to the PWA Generator project itself, including the source code, website, and related infrastructure under our control.
The following are considered out of scope for this security policy:
- Vulnerabilities in third-party dependencies (unless they directly impact PWA Generator).
- Social engineering attacks.
- Denial-of-service (DoS) attacks against our infrastructure (unless they exploit a specific vulnerability in PWA Generator).
- Issues that do not have a direct security impact.
- Best practices violations without clear security implications.
At this time, we do not offer a bug bounty program. However, we greatly appreciate your contributions to the security of PWA Generator and will publicly acknowledge your responsible disclosure (with your permission) in our release notes or other appropriate channels.
For security-related inquiries, please contact us at [email protected].
We are committed to maintaining the security of PWA Generator and thank you for your help in this effort.