| Version | Supported |
|---|---|
| 0.4.x | ✅ |
| < 0.4 | ❌ |
If you discover a security vulnerability in vibescore, please report it responsibly:
- Do NOT open a public issue.
- Email security@vibescore.dev or use GitHub Security Advisories.
- Include steps to reproduce and impact assessment.
We will acknowledge receipt within 48 hours and provide a fix timeline within 7 days.
vibescore scans project files locally for quality issues. It does not:
- Send data to external servers
- Require API keys or credentials
- Execute or modify your project's code
Security concerns are primarily around dependency supply chain and path traversal in file scanning.