SECURITY.md

Security Policy

Reporting a Vulnerability

At React Native Nitro TOTP, we take security seriously. If you believe you've found a security vulnerability in our library, please follow the responsible disclosure process:

  1. DO NOT disclose the vulnerability publicly until it has been addressed by our team.

  2. DO NOT open a GitHub issue for the vulnerability. Instead, please send an email to heinmyatthu.workspace@gmail.com with a detailed description of the issue.

  3. Include the following information in your report:

    • A clear description of the vulnerability and its potential impact.
    • Steps to reproduce the vulnerability, if possible.
    • The version of React Native Nitro TOTP affected.

  4. Our team will acknowledge your email within 48 hours and may request additional information or clarifications.

  5. Once we've validated and addressed the vulnerability, we will publicly disclose the information, giving credit to the reporter (unless you prefer to remain anonymous).

Supported Versions

React Native Nitro TOTP is continuously improving, and security updates are essential. We only support the latest stable release and the one immediately preceding it. It is crucial to keep your library version up-to-date to ensure you have the latest security fixes.

Version Supported
>= 1.0.0

Security Best Practices

While using React Native Nitro TOTP in your projects, we recommend following these security best practices:

  1. Keep Dependencies Updated: Always use the latest stable versions of React Native Nitro TOTP and its dependencies.

  2. Input Sanitization: Sanitize user input to prevent potential security vulnerabilities like SQL injection and cross-site scripting (XSS) attacks.

  3. Secure Data Storage: Handle sensitive data securely, whether it's tokens, passwords, or encryption keys. Avoid storing sensitive information in plain text or insecure storage.

  4. Use HTTPS: When communicating with servers or APIs, use HTTPS to encrypt the data in transit.

  5. Authentication and Authorization: Implement proper authentication and authorization mechanisms in your application.

  6. Minimize Permissions: Request the minimum necessary permissions from users in your application.

Code of Conduct

Please note that we expect all contributors and users of React Native Nitro TOTP to follow our Code of Conduct. We believe in fostering a safe and inclusive environment for everyone involved in the project.

By using or contributing to React Native Nitro TOTP, you agree to abide by the Code of Conduct.

Reporting a Vulnerability

We strive to create a secure and reliable library for our users. If you have any security-related concerns, questions, or suggestions, please feel free to reach out to us at heinmyatthu.workspace@gmail.com.

Thank you for helping us keep React Native Nitro TOTP safe for everyone!