| Version | Supported |
|---|---|
| 0.1.x | ✅ |

We take security seriously. If you discover a security vulnerability in react2shell-guard, please report it responsibly.
- Do NOT create a public GitHub issue for security vulnerabilities
- Email the maintainers directly with:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes (optional)
- Acknowledgment: We will acknowledge receipt within 48 hours
- Initial Assessment: We will provide an initial assessment within 7 days
- Resolution Timeline: We aim to resolve critical issues within 30 days
- Credit: We will credit reporters in the release notes (unless you prefer anonymity)

When using react2shell-guard:
- Keep Updated: Always use the latest version
- Verify Installation: Install from official npm registry
- Review Outputs: Validate scan results before taking action
- Secure CI/CD: Protect npm tokens and API keys in CI/CD pipelines

This security policy covers:
- The react2shell-guard npm package
- The CLI tool
- The MCP server
- The middleware components

Not covered by this policy:
- Third-party dependencies (report to their respective maintainers)
- User misconfiguration
- Denial of service through normal usage

react2shell-guard is a tool for detecting CVE-2025-55182 in React/Next.js applications; this policy concerns vulnerabilities in the tool itself, not in the applications it scans. For vulnerabilities in the tool itself:
- We will request CVE IDs for confirmed vulnerabilities
- Security advisories will be published on GitHub
- Updates will be released as patch versions

We thank all security researchers who responsibly disclose vulnerabilities.