@gerync/utils is a lightweight utility library with no sensitive data handling, no network calls, and no authentication mechanisms. It primarily provides:
- Console logging utilities
- Error handling and configuration
- Object validation helpers

As such, security risks are minimal. However, we appreciate responsible disclosure.

If you discover a security concern:
- Please do not open a public issue on GitHub
- Email: [email protected] with details
- Include a description of the issue and steps to reproduce (if applicable)
We'll acknowledge receipt and respond as time permits.
- This is a hobby/utility project with no guaranteed maintenance SLA
- Security updates may take time or may not happen immediately
- Users are responsible for validating their own use cases

- Sanitize user input before passing to object validation functions
- Avoid logging sensitive data (credentials, tokens, PII) through coloredlog
- Configure error responses carefully to avoid exposing internal details to clients
- Keep dependencies updated in your own projects

- express: Security maintained by the Express community
- typescript: Security maintained by the TypeScript team

We don't actively monitor these, but we recommend keeping them updated in your own projects.

This library is provided "as-is" without warranty. See LICENSE for full details.