@dino-hq/cli 0.1.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SECURITY.md +42 -0
- package/dist/bin.js +93944 -1262
- package/package.json +21 -8
package/SECURITY.md
ADDED
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Supported Versions
|
|
4
|
+
|
|
5
|
+
| Version | Supported |
|
|
6
|
+
|---------|-----------|
|
|
7
|
+
| 0.1.x | Yes |
|
|
8
|
+
|
|
9
|
+
## Reporting a Vulnerability
|
|
10
|
+
|
|
11
|
+
If you discover a security vulnerability in Dino, please report it responsibly.
|
|
12
|
+
|
|
13
|
+
**Email**: security@usedino.dev
|
|
14
|
+
|
|
15
|
+
Please include:
|
|
16
|
+
- Description of the vulnerability
|
|
17
|
+
- Steps to reproduce
|
|
18
|
+
- Impact assessment
|
|
19
|
+
- Any suggested fix (optional)
|
|
20
|
+
|
|
21
|
+
## Response Timeline
|
|
22
|
+
|
|
23
|
+
- **Acknowledgment**: Within 48 hours
|
|
24
|
+
- **Initial assessment**: Within 5 business days
|
|
25
|
+
- **Fix or mitigation**: Depends on severity, targeting 30 days for critical issues
|
|
26
|
+
|
|
27
|
+
## Scope
|
|
28
|
+
|
|
29
|
+
This policy covers:
|
|
30
|
+
- `@dino-hq/cli` (npm package)
|
|
31
|
+
- The Dino platform API
|
|
32
|
+
- All repositories under the [Dino-HQ](https://github.com/Dino-HQ) GitHub organization
|
|
33
|
+
|
|
34
|
+
## Out of Scope
|
|
35
|
+
|
|
36
|
+
- Vulnerabilities in third-party dependencies (report these to the upstream maintainer)
|
|
37
|
+
- Social engineering attacks
|
|
38
|
+
- Denial of service attacks against our infrastructure
|
|
39
|
+
|
|
40
|
+
## Credit
|
|
41
|
+
|
|
42
|
+
We credit reporters in our release notes unless they prefer to remain anonymous.
|
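Review bot: The Supported Versions table (added lines 5-7) marks only `0.1.x` as supported, yet this file is added in the diff from 0.1.1 to 0.3.0, so the release that carries the policy is not covered by it as written. Add a row for the current release line and state explicitly whether `0.1.x` still receives fixes, so a reporter can tell which versions are in scope. In Reporting a Vulnerability (added lines 11-19) the only channel is a plain email address; if confidential reports are expected, say how to send one securely, for example a published encryption key or a private reporting channel on the GitHub organization named under Scope.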