Security of all WinkJS packages, including winkNLP is important to us.
Only the latest version of winkNLP is supported. This version can be installed and/or downloaded from NPM or from the latest GitHub release.
We would appreciate responsible disclosure. If you would like to report a vulnerability, the preferred way to do so is contacting us directly. Please do not report security vulnerabilities through public GitHub issues.
Please include the following minimum information to help us understand and analyze the potential issue:
- Type of issue for example buffer overflow or privilege escalation.
- Full path(s) of source file(s) related to the issue including the affected source code’s tag or commit SHA.
- Step-by-step instructions on how to reproduce the issue, including the sample exploit code
- Impact of the issue.
When you are investigating and reporting the vulnerability you must never:
- break any law,
- tell others about the vulnerability you have found until we have disclosed it, and/or
- demand money to disclose a vulnerability.