# Security Policy

## Security Practices

This project meets standardized secure software development practices, including 2FA for all members, password managers with monitoring, and secure secret retrieval instead of storage. [Learn about our practices.](https://tidelift.com/funding/github/npm/sortobject)

## Supported Versions

This project uses [Bevry's automated tooling](https://github.com/bevry/boundation) to deliver the latest updates, fixes, and improvements inside the latest release while still maintaining widespread ecosystem compatibility.

[Refer to supported ecosystem versions: `Editions` section in `README.md`](https://github.com/bevry/sortobject/blob/master/README.md#Editions)

[Refer to automated support of ecosystem versions: `boundation` entries in `HISTORY.md`](https://github.com/bevry/sortobject/blob/master/HISTORY.md)

Besides testing and verification, our CI also [auto-merges](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions) [Dependabot security updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) and [auto-publishes](https://github.com/bevry-actions/npm) successful builds of the [`master` branch](https://github.com/bevry/wait/actions?query=branch%3Amaster) to the [`next` version tag](https://www.npmjs.com/package/sortobject?activeTab=versions), offering immediate resolutions before scheduled maintenance releases.

## Reporting a Vulnerability

[Report the vulnerability to the project owners.](https://github.com/bevry/sortobject/security/advisories)

[Report the vulnerability to Tidelift.](https://tidelift.com/security)