@ealforque/sequelize-field-parser 1.0.6 → 1.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SECURITY.md +16 -0
- package/package.json +5 -2
package/SECURITY.md
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Reporting a Vulnerability
|
|
4
|
+
|
|
5
|
+
If you discover a security vulnerability in this package, please report it by opening an issue or emailing the maintainer at ealforque@gmail.com. Do not disclose security issues publicly until they have been reviewed and patched.
|
|
6
|
+
|
|
7
|
+
## Supply Chain Security Practices
|
|
8
|
+
|
|
9
|
+
- All dependencies are audited in CI using `npm audit --audit-level=high`.
|
|
10
|
+
- Automated dependency updates are enabled via Dependabot.
|
|
11
|
+
- Only trusted and maintained dependencies are used.
|
|
12
|
+
- Two-factor authentication is enabled for publishing.
|
|
13
|
+
|
|
14
|
+
## Responsible Disclosure
|
|
15
|
+
|
|
16
|
+
We appreciate responsible disclosure and will respond promptly to any security reports.
|
package/package.json
CHANGED
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ealforque/sequelize-field-parser",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.7",
|
|
4
4
|
"main": "dist/field_parser.service.js",
|
|
5
5
|
"types": "dist/field_parser.service.d.ts",
|
|
6
6
|
"files": [
|
|
7
|
-
"dist"
|
|
7
|
+
"dist",
|
|
8
|
+
"package-lock.json",
|
|
9
|
+
"README.md",
|
|
10
|
+
"SECURITY.md"
|
|
8
11
|
],
|
|
9
12
|
"scripts": {
|
|
10
13
|
"build": "rm -rf dist && tsc",
|