If you discover a security vulnerability in any totakit project, please report it responsibly.

Email: security@totakit.com

Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

| Action | Timeframe |
|---|---|
| Acknowledgment | 48 hours |
| Initial assessment | 5 business days |
| Fix + disclosure | 30 days (or sooner) |

This policy applies to all repositories under the totakit GitHub organization.

- We will not take legal action against researchers who follow this policy
- We will credit reporters in the advisory (unless they prefer anonymity)
- We will fix confirmed vulnerabilities as fast as possible

Out of scope:
- Social engineering attacks
- Denial of service attacks
- Issues in third-party dependencies (report upstream, notify us)

Only the latest release of each package is supported with security updates.