PostCSS Prefix Wrap // Security
Outlines how security is considered during the development of PostCSS Prefix Wrap.
- Provenance
- Dependency Vulnerability and Code Scanning
- Security Disclosure Policy
- Security Update Policy
- Security Related Configuration
- Known Security Gaps and Future Enhancements
Since v1.47.0, provenance attestations (docs.npmjs.com) are provided alongside build artefacts.
- GitHub code scanning via CodeQL
- GitHub dependabot alerts
- GitHub dependabot security updates
- GitHub secret scanning
Privately report a vulnerability using GitHub Security Advisories.
Best efforts will be taken to apply code fixes or update vulnerable packages as soon as is possible, this will usually be within a couple of days.
None currently.
Look at GitHub issues tagged Security.