
Security: nirholas/xeepy

SECURITY.md

Security Policy

Supported Versions

| Version | Supported |
| ------- | --------- |
| 1.x.x   | Yes       |
| < 1.0   | No        |

Reporting a Vulnerability

If you discover a security vulnerability in Xeepy, please report it responsibly:

DO NOT

  • ❌ Open a public GitHub issue
  • ❌ Disclose the vulnerability publicly before it's fixed
  • ❌ Exploit the vulnerability

DO

  • ✅ Email security concerns privately
  • ✅ Provide detailed reproduction steps
  • ✅ Allow time for us to address the issue

Contact

Please report security vulnerabilities privately to the repository owner.

What to Include

  1. Description of the vulnerability
  2. Steps to reproduce
  3. Potential impact
  4. Suggested fix (if any)

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial assessment: Within 1 week
  • Fix deployment: Depends on severity

Scope

Security issues we care about:

  • Session/cookie theft vulnerabilities
  • Code injection possibilities
  • Credential exposure risks
  • Privilege escalation
  • Data leakage

Out of Scope

  • Rate limiting bypass (intentionally not prevented in tool code)
  • X/Twitter Terms of Service violations (user responsibility)
  • Social engineering attacks

Security Best Practices for Users

Protect Your Session

```text
# DON'T commit session files
# Add to .gitignore:
session.json
cookies.json
*.session

# DON'T share your session
# Sessions contain authentication tokens: anyone holding the file can act as your account
```

Environment Variables

```python
# DON'T hardcode API keys
# BAD: the key ends up in git history, backups and anyone's clone
ai = ContentGenerator(api_key="sk-abc123...")

# GOOD: read it from the environment and fail at startup if it is missing
# (os.environ.get() would silently pass None and fail later inside an API call)
import os
ai = ContentGenerator(api_key=os.environ["OPENAI_API_KEY"])
```

Use .env Files

```bash
# Create .env file (never commit!)
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...

# Add to .gitignore
.env
.env.local
```
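Putting the session and API-key guidance above into code: a fail-fast secret lookup that reads a `.env` file and the process environment, a redaction helper so keys never appear whole in log lines, and a session file that is created with owner-only permissions and refused if anyone else can read it. This is an added example for this page, not Xeepy's own code; `parse_dotenv`, `require_secret`, `redact`, `save_session`, `load_session` and `demo_session_permissions` are hypothetical helpers, and the `.env` text and token values are constructed test data.

```python
"""Credential hygiene: fail-fast secrets, log redaction, 0600 session files.
Added example for this page, not Xeepy's code. The .env parser covers only the
KEY=VALUE subset shown on the page (comments, blank lines, matching quotes)."""
import json
import os
import stat
import tempfile

# Constructed .env content standing in for a real, never-committed .env file.
CONSTRUCTED_DOTENV = """
# comment lines and blanks are ignored
OPENAI_API_KEY=sk-test-0000
ANTHROPIC_API_KEY="sk-ant-test-1111"
"""


class MissingSecret(RuntimeError):
    """Raised at startup when a required secret is absent."""


def parse_dotenv(text: str) -> dict:
    """Parse KEY=VALUE lines, skipping blanks and '#' comments and stripping one
    pair of matching quotes. A value containing '=' is kept intact."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key.strip()] = value
    return values


def require_secret(name: str, env: dict) -> str:
    """Return env[name] or raise. A silent None would fail later inside an API
    call, often with the failing request logged, instead of at startup."""
    value = env.get(name)
    if not value:
        raise MissingSecret(f"{name} is not set; export it or add it to .env")
    return value


def redact(secret: str, keep: int = 4) -> str:
    """Mask a secret for log output, keeping a short prefix for identification."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return secret[:keep] + "*" * (len(secret) - keep)


def save_session(path: str, session: dict) -> None:
    """Create the file with mode 0600 from the first byte: no window in which a
    default-umask file is readable by other local users, no chmod race."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(session, fh)


def load_session(path: str) -> dict:
    """Refuse a session file that group or others can access; while valid, its
    tokens are as good as the account password."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:04o}; expected 0600")
    with open(path) as fh:
        return json.load(fh)


def demo_session_permissions() -> dict:
    """Round-trip a constructed session through save/load, then show that a 0644
    copy (what a plain open() under a 022 umask produces) is rejected."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "session.json")
        save_session(good, {"auth_token": "tok-constructed"})
        loaded = load_session(good)
        leaky = os.path.join(tmp, "cookies.json")
        with open(leaky, "w") as fh:
            json.dump({"auth_token": "tok-constructed"}, fh)
        os.chmod(leaky, 0o644)
        try:
            load_session(leaky)
            rejected = False
        except PermissionError:
            rejected = True
    return {"loaded": loaded, "leaky_rejected": rejected}


if __name__ == "__main__":
    # Real environment variables take precedence over the .env file.
    env = {**parse_dotenv(CONSTRUCTED_DOTENV), **os.environ}
    print("using key", redact(require_secret("OPENAI_API_KEY", env)))
    print(demo_session_permissions())
```

The permission check is the piece most projects skip: a `.gitignore` entry keeps the session out of the repository, but a 0644 file still hands the tokens to every other local user and to any backup or sync agent running as them.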

Verify Downloads

```bash
# Verify package integrity with hash pinning. --require-hashes only works with a
# requirements file: every requirement needs an exact version and a --hash, and
# pip refuses anything whose digest does not match. It cannot be combined with a
# bare package name on the command line.
pip download xeepy --no-deps -d dist/
pip hash dist/xeepy-*            # prints --hash=sha256:... for the downloaded file
# Compare that digest with one the maintainer published out of band, then put
# "xeepy==<version> --hash=sha256:<digest>" in requirements.txt and install with:
pip install --require-hashes -r requirements.txt
```
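What pip checks in `--require-hashes` mode, spelled out: the requirements line carries an exact pin plus one `--hash=sha256:` per artifact, and an artifact is accepted only if its digest matches one of them (no pin at all is a failure, not a pass). This is an added example for this page, not Xeepy's or pip's code; `requirement_line`, `pinned_hashes` and `verify_artifact` are hypothetical helpers, and the wheel bytes are constructed so the block runs offline (a real artifact would come from `pip download xeepy --no-deps -d dist/`).

```python
"""Hash-pinned installs: build the --hash line pip expects and verify a
downloaded artifact against the pins before handing it to pip.
Added example for this page, not Xeepy's or pip's code."""
import hashlib
import re

# Constructed stand-in for a downloaded wheel (a real one: pip download ... -d dist/).
CONSTRUCTED_WHEEL = b"PK\x03\x04 constructed wheel bytes standing in for xeepy-1.0.0\n"

HASH_OPTION = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def sha256_hex(data: bytes) -> str:
    """Digest in the form `pip hash <file>` prints."""
    return hashlib.sha256(data).hexdigest()


def normalize(name: str) -> str:
    """PEP 503 style name comparison: case-insensitive, '-', '_' and '.' equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_line(name: str, version: str, artifacts: list) -> str:
    """One requirements.txt line: exact pin plus one --hash per artifact
    (wheel and sdist, or wheels for several platforms)."""
    hashes = " ".join(f"--hash=sha256:{sha256_hex(a)}" for a in artifacts)
    return f"{name}=={version} {hashes}"


def pinned_hashes(requirements_text: str, name: str) -> set:
    """Collect every sha256 pinned for `name`, honouring backslash line
    continuations and '#' comments the way pip's requirements parser does."""
    joined = requirements_text.replace("\\\n", " ")
    hashes = set()
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"([A-Za-z0-9._-]+)\s*==", line)
        if match and normalize(match.group(1)) == normalize(name):
            hashes.update(HASH_OPTION.findall(line))
    return hashes


def verify_artifact(data: bytes, requirements_text: str, name: str) -> bool:
    """True only if at least one hash is pinned and the digest matches one of
    them. A requirement without pins fails closed, as --require-hashes does."""
    pins = pinned_hashes(requirements_text, name)
    return bool(pins) and sha256_hex(data) in pins


if __name__ == "__main__":
    line = requirement_line("xeepy", "1.0.0", [CONSTRUCTED_WHEEL])
    print(line)  # paste into requirements.txt
    print(verify_artifact(CONSTRUCTED_WHEEL, line, "xeepy"))
    print(verify_artifact(CONSTRUCTED_WHEEL + b"\x00", line, "xeepy"))
    # then: pip install --require-hashes -r requirements.txt
```

The digest you pin must come from somewhere other than the file you are about to install, otherwise the check only proves the download did not change between two commands; a release page, a signed checksum file, or a hash recorded when the version was first reviewed all qualify.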

Responsible Use

Xeepy is for educational purposes only. Users must:

  1. Comply with X/Twitter Terms of Service
  2. Respect rate limits
  3. Not use for harassment or spam
  4. Not scrape private/protected content without permission
  5. Comply with applicable laws (GDPR, CCPA, etc.)

Thank you for helping keep Xeepy secure! 🛡️
