Security: hyperdrift-io/peer-dependency-checker

.github/SECURITY.md

Security Policy

Supported Versions

Version Supported
1.0.x

Reporting a Vulnerability

The hyperdrift team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

How to Report a Security Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Instead, please send an email to [email protected] with:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Possible impact
  • Suggested fix (if any)

You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Security Bug Bounties

We don't currently offer bug bounties, but we will acknowledge security researchers who help improve the security of peer-dependency-checker.

Security Best Practices

When using peer-dependency-checker:

  • Always review the output before making changes to your dependencies
  • Use the tool in a development environment first
  • Keep your Node.js and npm versions up to date
  • Regularly audit your dependencies with npm audit

Disclosure Timeline

  • Security issue reported
  • Within 48 hours: Initial response and triage
  • Within 7 days: Detailed response with timeline
  • Fix developed and tested
  • Security release published
  • Public disclosure (coordinated with reporter)

Thank you for helping keep peer-dependency-checker and its users safe!

There aren’t any published security advisories