safedeps is a security tool, so it holds itself to the posture it enforces: local-only, no SaaS, zero runtime npm dependencies, fail-closed gates, and observable bypasses.
| Version | Supported |
|---|---|
| 2.x (latest minor) | ✅ |
< 2.0 (npm-reorg-guard) |
❌ — migrate with safedeps migrate |
Fixes land on the latest minor. Pin to a released tag for reproducibility.
Do not open a public issue for a vulnerability. Report it privately:
- Preferred — GitHub private advisory: the repo's Security → Report a vulnerability tab (https://github.com/aldegad/safedeps/security/advisories/new).
- Email —
aldegad@gmail.comwith[safedeps security]in the subject.
Please include: affected version (safedeps --json version), a minimal reproduction, the impact (e.g. a gate bypass, a fail-open path, a reorg that misses a threat), and any logs from ~/.safedeps/advisory.log / ~/.safedeps/reorg.log.
In scope — anything that defeats a gate or weakens its guarantees, for example:
- a dependency-install command that bypasses the PreToolUse guard or the PostToolUse effect gate;
- a malicious package whose closure or install scripts pass verification when they should reorg;
- a fail-open path (a gate that silently passes when it cannot run);
- a secret-leak lane bypass (a committed secret the scaffolded gate misses);
- ledger tampering that grants an unapproved spec (note: the ledger is a same-user convenience cache, not a boundary against a same-user attacker until signing lands — that limit is documented, not a vuln).
Out of scope — issues requiring an already-root/same-user attacker beyond the documented threat model, or third-party advisory-database accuracy (OSV/KEV/GHSA own their data).
- Acknowledgement within ~72 hours.
- A fix or mitigation plan for confirmed reports, coordinated before public disclosure.
- Credit in the release notes if you'd like it.
- No SaaS — local CLI + public databases (OSV / CISA KEV / GHSA) only.
- Zero npm dependencies — the tool ships no runtime deps; this is a deliberate security property, kept enforced by
npm packreview in CI. - No silent fallback — a provider/scanner miss is fail-closed (the install is denied). The one unavoidable exception is
jqbeing absent — it is needed to parse the hook payload — and even then the guard reads the raw payload and denies anything that looks like a dependency install, falling back to an explicit allow-with-warning only for non-install commands. Every such outcome is recorded in~/.safedeps/advisory.log.