Thank you for your interest in improving the security of {css}animation. We value and appreciate responsible security disclosures and are committed to resolving any legitimate issues in a timely manner.
This policy applies only to vulnerabilities found within the codebase of this repository (cssanimation). Issues in third-party dependencies should be reported to their respective maintainers.
We currently support only the latest version of the library for security updates.
| Version | Supported |
|---|---|
| latest | ✅ Yes |
| older | ❌ No |
If you believe you’ve discovered a security vulnerability, please report it privately by emailing: [email protected]
- A detailed description of the vulnerability
- Steps to reproduce it or a proof of concept (if possible)
- Any suggestions for mitigation
- Your preferred contact method for updates
We follow a coordinated disclosure process:
- You report the issue privately.
- We verify and assess the severity.
- A fix is prepared and released.
- A public disclosure is made, if appropriate.
We aim to acknowledge all reports promptly and, if validated, will work to resolve critical issues as quickly and responsibly as possible.
We’re happy to acknowledge your contribution to securing {css}animation in our changelog and release notes (with your permission).
Thank you for helping make the web a safer place