Security fixes are applied to the latest 1.x release line.
| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Report vulnerabilities privately through GitHub's built-in advisory flow:
- Go to the Security tab of this repository.
- Click "Report a vulnerability" to open a private advisory (direct link).
- Include as much detail as you can:
- affected version(s),
- a description of the issue and its impact,
- steps to reproduce or a proof of concept,
- any suggested fix or mitigation.
We will acknowledge your report within 5 business days and keep you updated on remediation progress. Once a fix is released, we will publish a security advisory and credit you unless you prefer to remain anonymous.
miragejs-orm is an in-memory ORM intended for testing and local development. It is not designed to run in production or to handle untrusted input as a security boundary. Reports are most relevant when they concern:
- the published npm package contents or build output,
- the library's own runtime behavior (it ships with zero runtime dependencies).
The example application under examples/ is a demo and is not a published artifact; issues there are handled as regular bugs, not security advisories.