Skip to content

Security: vectojs/unisol

Security

SECURITY.md

Security Policy

Reporting a vulnerability

Unisol is a static, client-side visualization with no backend, no authentication, and no user data collection. If you nonetheless find a security issue (for example a dependency vulnerability or a way to inject content through the build), please report it privately.

Please do not disclose the issue publicly until it has been addressed.

Scope

Unisol depends on the published @vectojs/* packages and three. Vulnerabilities in those belong upstream; this repo tracks them via Dependabot and pins exact @vectojs/* versions.

There aren't any published security advisories