Thank you for helping keep Counterfact secure.
Security fixes are currently provided for:
| Version | Supported |
|---|---|
Latest major npm release (currently 2.x) |
✅ |
| Older major releases | ❌ |
Please do not report security vulnerabilities in public GitHub issues.
Instead, report privately using one of these channels:
- GitHub private vulnerability reporting (preferred):
https://github.com/counterfact/api-simulator/security/advisories/new - Email:
pmcelhaney@gmail.com
Please include, when possible:
- A clear description of the issue and affected versions
- Reproduction steps or a proof of concept
- Potential impact
- Any suggested mitigation
- We aim to acknowledge reports within 5 business days.
- We will investigate, validate impact, and coordinate a fix.
- We will keep you informed on status and expected timelines.
- Please allow time for a patch to be prepared before public disclosure.