If you discover a security vulnerability in @opendata-ai, please report it responsibly. Do not open a public GitHub issue.
Instead, use GitHub's private vulnerability reporting to submit your report. This keeps the details confidential until a fix is available.
Include the following in your report:
- Description of the vulnerability
- Steps to reproduce
- Affected package(s) and version(s)
- Impact assessment (if known)

What to expect after you report:
- Acknowledgment within 48 hours
- Status update within 7 days with an assessment and estimated timeline
- Fix or mitigation published as a patch release, with credit to the reporter (unless you prefer anonymity)
| Version | Supported |
|---|---|
| 0.x | Yes |
This policy covers the four published npm packages:
- @opendata-ai/openchart-core
- @opendata-ai/openchart-engine
- @opendata-ai/openchart-vanilla
- @opendata-ai/openchart-react
Vulnerabilities in dependencies (d3, etc.) should be reported upstream to the respective projects.