Security Policy

Supported Versions

We recommend always using the latest version to benefit from the latest features and security patches. Only the latest version of @fetchkit/ffetch receives security updates!

Reporting a Vulnerability

Please do not open a public issue for security vulnerabilities.

Instead, use GitHub's private vulnerability reporting to submit a report confidentially. This allows us to assess and patch the issue before any public disclosure.

What to include:

• A description of the vulnerability and its potential impact
• Steps to reproduce or a minimal proof-of-concept
• Any suggested mitigations (optional)

You can expect an initial response within 7 days. If a fix is warranted, a patched release and public advisory will be published once resolved.