Thank you for reaching out about security! Please note that this project is maintained on a best-effort basis, however I still intend to prioritize reviewing and addressing security issues.
I generally only support the latest release (see https://www.npmjs.com/package/shelljs-plugin-sleep). My goal is to release security fixes as patch releases on top of whatever was most recently shipped.
Please report security vulnerabilities to [email protected]. I should respond within a few days. Although it's not strictly required, it helps me out if you can include any proof of concept exploit code, suggested fix, etc.
Please do not publicly disclose the suspected vulnerability until I have a chance to review your report. I'd like a chance to patch the code before the issue is known to the public.
Please only use this email for security issues. It's also OK to use the email if you're legitimately unsure if this is a security issue (better safe than sorry). But for all other non-security issues, please use the GitHub issue tracker.