diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..8ea8d0ba --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Security Policy + +## ⚠️ Reporting a Vulnerability + +To report a vulnerability, please send an email to [security+ufo@unjs.io](mailto:security+ufo@unjs.io) or submit it for a bounty via [Huntr](https://huntr.dev/bounties/disclose/?target=https://github.com/unjs/ufo). + +All security vulnerabilities will be promptly verified and addressed. + +We recommend to regulary upgrade and publish with the latest versions of used packages and sub-dependencies by maintaining lock files (`yarn.lock`, `package-lock.json` and `pnpm-lock.yaml`) in order to ensure your application remains as secure as possible.