Security: Hroldddp/ContentForge

Security

If you find a security issue, don't open a public issue. Report it privately:

We'll acknowledge within 48 hours and give a timeline for the fix.

Things to watch

  • .env files — don't commit API keys
  • Dependencies — keep them updated
  • yt-dlp — only downloads from YouTube, URLs aren't user-supplied

Best practices

  • .env is in .gitignore but double-check
  • sudo pacman -Syu regularly
  • Review Dependabot PRs when they come in
  • Run bash setup.sh after pulling updates
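
One way to do the ".env is in .gitignore but double-check" step, as an added example that is not part of the project's SECURITY.md or its scripts. The function name `check_env_file` is hypothetical; the git subcommands are standard. It checks three things that a `.gitignore` entry alone does not guarantee: the file is not already tracked, an ignore rule really matches it, and it was never committed on any ref.

```shell
# Added example: audit whether a secrets file is protected from commits.
# Usage: check_env_file [repo_dir] [file]   (defaults: current dir, .env)
# Prints one finding per line; returns 0 if clean, 1 if any problem is found.
check_env_file() {
    repo="${1:-.}"
    file="${2:-.env}"
    status=0

    # 1. Already tracked? .gitignore has no effect on files in the index.
    if git -C "$repo" ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
        echo "TRACKED: $file is in the index (git rm --cached it, rotate the keys)"
        status=1
    fi

    # 2. Does an ignore rule match? --no-index tests the rules even when
    #    the file is tracked, so a missing rule is still reported.
    if git -C "$repo" check-ignore -q --no-index -- "$file"; then
        echo "IGNORED: an ignore rule matches $file"
    else
        echo "NOT IGNORED: no ignore rule matches $file"
        status=1
    fi

    # 3. Ever committed on any ref? Removing the file later does not remove
    #    the keys from history, so they must be treated as exposed.
    commits=$(git -C "$repo" log --all --format=%h -- "$file" 2>/dev/null) || true
    if [ -n "$commits" ]; then
        echo "HISTORY: $file appears in commits:" $commits
        status=1
    fi

    return $status
}
```

Run it from the repository root after pulling updates, for example `check_env_file . .env`.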

There aren't any published security advisories