# Security Policy

## Reporting Security Vulnerabilities

If you discover a security vulnerability in the **GeoThai** npm package, please follow these guidelines to report it responsibly:

1. **Do Not Open Public Issues**: Please do not disclose security vulnerabilities publicly, as this can put users at risk. Instead, report vulnerabilities privately.

2. **Email Us Directly**: Send a detailed report to [geothai@fasu.dev](mailto:geothai@fasu.dev). Include the following information:
   - A description of the vulnerability.
   - Steps to reproduce the issue.
   - Any potential impact or exploit scenarios.
   - Proof of concept or sample code, if applicable.

3. **Follow Up**: We will acknowledge your report within 48 hours and provide an estimated timeline for resolution. We will work with you to understand the issue and address it as quickly as possible.

## Responsible Disclosure

To ensure a coordinated and responsible disclosure, please follow these practices:

- **Do Not Exploit**: Avoid exploiting the vulnerability or using it in a way that could cause harm to users or systems.
- **Private Disclosure**: Wait for us to release a fix before disclosing the vulnerability publicly.
- **Collaborate**: Provide any additional information or assistance that may help us address the issue.

## Security Updates

- **Patch Releases**: Security updates will be released as soon as possible. We will publish updates and advisories on our GitHub repository and notify users of critical patches.
- **Versioning**: All security fixes will be included in patch releases. Please keep your package up to date to ensure you have the latest security patches.

## Security Practices

We take security seriously and follow best practices to protect our codebase and users:

- **Code Reviews**: All changes to the codebase are reviewed by multiple maintainers to catch potential security issues.
- **Automated Testing**: We use automated testing tools to identify vulnerabilities and ensure the security of our package.
- **Zero Dependencies**: The **GeoThai** package has no external dependencies, reducing the risk of vulnerabilities introduced through third-party code.

## Additional Resources

For more information on security practices and responsible disclosure, you may refer to the following resources:

- [OWASP Security Guide](https://owasp.org/www-project-top-ten/)
- [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)

## Contact

If you have any questions or need further assistance regarding security, please reach out to us at [geothai@fasu.dev](mailto:geothai@fasu.dev).

Thank you for helping us keep **GeoThai** secure. Your vigilance and cooperation are greatly appreciated. 🙏
