If you discover a security issue in HardHat:
- DO NOT open a public GitHub issue
- Email: Site@hotmail.com
- Subject: [HardHat Security] Brief description
- Acknowledgment: within 48 hours
- Status update: within 7 days
- Resolution: within 30 days
In scope:
- Script injection vulnerabilities
- Privilege escalation via HardHat
- Incorrect hardening that weakens security
- Backup file exposure
Out of scope:
- Issues in the OS itself (report to Red Hat)
- CIS Benchmark content accuracy (report to CIS)
- Intentional misuse of the tool
HardHat modifies system configuration. Always test in a non-production environment first.
Running --audit mode makes no system changes and is always safe.