This project is a curated list of links, themes, and configuration resources.
As such, "security vulnerabilities" typically fall into one of these categories:
- Malicious or phishing links submitted to the list
- Hardcoded secrets, API keys, or personal data in example configs
- Compromised upstream repositories or themes with supply-chain risks
- Doxxing or privacy violations in documentation/screenshots
If you discover a security-related concern, please do not open a public issue. Instead:
- Email us at: [email protected]
- Include:
  - URL/file location of the concern
  - Description of the risk
  - Steps to reproduce/verify (if applicable)
  - Your contact info (optional, for follow-up)
We acknowledge reports within 48 hours and aim to resolve critical issues within 7 days.
- Confidentiality: Your report will not be shared publicly without your consent
- Verification: We will validate the concern and assess impact
- Resolution: We'll remove/replace affected content, notify downstream users if needed, and update the list
- Acknowledgment: With your permission, we'll credit you in our changelog/security advisories
- Never submit configs containing real tokens, passwords, or personal paths
- Always verify upstream repo health before linking
- Use placeholder paths in examples: `~/.config/tool/config.toml`
- If you maintain a linked project, keep dependencies updated and enable Dependabot/Renovate