| Version | Supported |
|---|---|
| 0.2.x | ✅ |
| < 0.2 | ❌ |
If you discover a security vulnerability in mex, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email thedakshjaitly@gmail.com with:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (optional)
- Acknowledgment within 48 hours of your report
- Status update within 7 days with an assessment and next steps
- Fix timeline depends on severity — critical issues will be prioritized
This policy applies to the mex CLI tool and its published npm package. Third-party dependencies are outside the scope of this policy, but we appreciate being notified if you find issues in our dependency chain.
Thank you for helping keep mex secure.