ld/nvm
1
0
Fork 0
mirror of https://github.com/nvm-sh/nvm.git synced 2025-05-10 14:21:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Delete .github/SECURITY.md

Browse Source 
Signed-off-by: Nodoubtz <53144580+nodoubtz@users.noreply.github.com>
This commit is contained in:
Nodoubtz 2025-03-27 09:10:06 -04:00 committed by GitHub
parent 6e480e4fef
commit 63700dd9d4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 0 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
.github/SECURITY.md vendored
View File

@ -1,27 +0,0 @@
# Security
Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
## OpenSSF CII Best Practices
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/684/badge)](https://bestpractices.coreinfrastructure.org/projects/684)
There are three “tiers”: passing, silver, and gold.
### Passing
We meet 100% of the “passing” criteria.
### Silver
We meet 95% of the “silver” criteria. The gaps are as follows:
- we do not have a DCO or a CLA process for contributions.
- because we only have one maintainer, the project has no way to continue if that maintainer stops being active.
- we do not currently document “what the user can and cannot expect in terms of security” for our project. This is planned to be completed in 2023.
### Gold
We meet 65% of the “gold” criteria. The gaps are as follows:
- we do not yet have the “silver” badge; see all the gaps above.
- We do not include a copyright or license statement in each source file. Efforts are underway to change this archaic practice into a suggestion instead of a hard requirement.
## Threat Model
See [THREAT_MODEL.md](./THREAT_MODEL.md).