Use this section to tell people about which versions of your project are currently being supported with security updates.
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take security vulnerabilities seriously.
- Do not create a public GitHub issue.
- Please email the maintainer or valid security contact (e.g., security@example.com - placeholder).
- Provide full details of the vulnerability and steps to reproduce.
We will acknowledge receipt of your vulnerability report within 48 hours and strive to send you regular updates about our progress.
- This backend uses JWT (JSON Web Tokens) for authentication.
- Secrets are stored in environment variables and should never be committed to the repository.
- Password hashing is performed using Bcrypt.
We use npm to manage dependencies. Please ensure npm audit is run regularly to identify known vulnerabilities in the dependency tree.