| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We take security seriously. If you discover a security vulnerability in Sherp, please report it responsibly.
- Do not open a public GitHub issue for security vulnerabilities
- Email the maintainers directly or use GitHub's private vulnerability reporting feature
- Include as much detail as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- We will acknowledge receipt of your report within 48 hours
- We will provide an initial assessment within 7 days
- We will work with you to understand and resolve the issue
- Once fixed, we will publicly acknowledge your contribution (unless you prefer to remain anonymous)
This security policy applies to:
@skeptrunedev/sherp-cli@skeptrunedev/sherp-astro
- Vulnerabilities in dependencies (please report these to the respective projects)
- Issues in user-created presentation content
- Social engineering attacks
When using Sherp:
- Keep your dependencies up to date
- Only use trusted MDX components in your presentations
- Review any custom JavaScript before including it in your presentations
- When deploying, follow your hosting provider's security recommendations
Thank you for helping keep Sherp and its users safe!