| Version | Supported |
|---|---|
| 1.1.x | ✅ |
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take the security of nuxt-github-pages seriously. If you have discovered a security vulnerability, please follow these steps:
Security vulnerabilities should be reported privately to prevent malicious use.
Please report security vulnerabilities by emailing the MITRE open source team or by creating a security advisory on GitHub:
- Go to the Security tab
- Click "Report a vulnerability"
- Provide detailed information about the vulnerability
Please include the following information:
- Type of vulnerability
- Full paths of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the vulnerability
- We will acknowledge receipt of your vulnerability report within 48 hours
- We will provide a more detailed response within 7 days
- We will work on a fix and coordinate release timing with you
- Keep dependencies updated: Run
pnpm auditregularly - Use lock files: Always commit
pnpm-lock.yaml - Review module options: Only enable features you need
- Monitor security advisories: Watch this repository for security updates
This project uses:
- Dependabot for automatic dependency updates
- pnpm audit in CI/CD pipeline
- ESLint with security rules
- Git hooks to prevent common security issues
This security policy applies to:
- The nuxt-github-pages module code
- Dependencies directly used by the module
- The build and release process
Out of scope:
- Security issues in Nuxt itself (report to Nuxt team)
- Security issues in user implementations
- Security of GitHub Pages hosting