We actively support the following versions with security updates:
| Version | Supported |
|---|---|
| 2.x.x | ✅ Yes |
| 1.x.x | ✅ Yes |
| < 1.0 | ❌ No |
If you discover a security vulnerability in vite-plugin-component-debugger, please report it to us privately.
- Email: Send details to hello@tonyebrown.com
- Subject: "Security Vulnerability - vite-plugin-component-debugger"
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Your contact information
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 5 business days
- Fix Timeline: Critical issues within 7 days, others within 30 days
- Disclosure: Coordinated disclosure after fix is released
This plugin:
- Only runs during development builds
- Does not collect or transmit any data
- Does not expose sensitive information in data attributes
- Uses secure token types for auto-publishing (automation tokens)
This security policy covers:
- The plugin source code
- Build and release processes
- Documentation and examples
Note: This plugin adds data attributes to DOM elements during development only. No runtime security implications for production builds.