## Supported Versions

| Version | Supported |
|---|---|
| 0.x.x | ✅ |

## Reporting a Vulnerability

We take the security of @jfungus/ratelimit seriously. If you have discovered a security vulnerability, please report it responsibly.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please send an email to the maintainers or use GitHub's private vulnerability reporting feature:

- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Provide a detailed description of the vulnerability

Please include the following information in your report:

- Type of vulnerability (e.g., bypass, denial of service, information disclosure)
- Full paths of the source file(s) related to the vulnerability
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the vulnerability

What to expect after reporting:

- Acknowledgment of your report within 48 hours
- Regular updates on the progress of addressing the vulnerability
- Credit in the security advisory (if you wish)

## Security Best Practices

When using @jfungus/ratelimit in production:

- Use distributed storage (Redis, Cloudflare KV, etc.) for multi-instance deployments
- Set limits appropriate to your application's needs
- Monitor rate-limiting decisions to detect potential attacks
- Keep dependencies updated to receive security patches

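Why the first bullet matters, as an added example that is not part of @jfungus/ratelimit: a toy fixed-window limiter (the `FixedWindowLimiter` class and store interface are hypothetical) run behind a simulated round-robin load balancer shows that per-instance in-memory counters let one client through `instances × limit` requests per window, while a shared store enforces the configured limit.

```javascript
// Added example (not @jfungus/ratelimit code): per-instance state vs. a shared store.
// Minimal fixed-window limiter with a pluggable counter store (hypothetical shape).
class FixedWindowLimiter {
  constructor(store, { limit, windowMs }) {
    this.store = store;      // anything with get(key) / set(key, value), e.g. a Map
    this.limit = limit;
    this.windowMs = windowMs;
  }
  // Returns true if the request for `key` at time `now` is within the limit.
  allow(key, now) {
    const bucket = `${key}:${Math.floor(now / this.windowMs)}`;
    const count = (this.store.get(bucket) ?? 0) + 1;
    this.store.set(bucket, count);
    return count <= this.limit;
  }
}

// Simulate `instances` app servers behind a round-robin load balancer.
// shared = false: each instance keeps its own Map (the in-memory default of many limiters).
// shared = true:  all instances use one Map standing in for Redis / Cloudflare KV.
function allowedRequests({ instances, requests, limit, windowMs, shared }) {
  const sharedStore = new Map();
  const limiters = Array.from({ length: instances }, () =>
    new FixedWindowLimiter(shared ? sharedStore : new Map(), { limit, windowMs }));
  const now = 1_700_000_000_000; // constructed timestamp; all requests fall in one window
  let allowed = 0;
  for (let i = 0; i < requests; i++) {
    // Round-robin: request i lands on instance i % instances.
    if (limiters[i % instances].allow('client-A', now)) allowed++;
  }
  return allowed;
}

const opts = { instances: 3, requests: 100, limit: 10, windowMs: 60_000 };
console.log('per-instance store:', allowedRequests({ ...opts, shared: false })); // 30
console.log('shared store:      ', allowedRequests({ ...opts, shared: true }));  // 10
```

With three instances the configured limit of 10 per minute becomes an effective 30, and the gap grows with every instance added; monitoring the denied count per instance is one way to notice that the limit is not being enforced as intended.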
Thank you for helping keep @jfungus/ratelimit secure!