| Version | Supported |
|---|---|
| 2.x.x | ✅ Yes |
| 1.x.x | ❌ No (deprecated) |
If you discover a security vulnerability in Slothlet, please report it responsibly:
- DO NOT create a public GitHub issue for security vulnerabilities
- Email security concerns to: git+security@cldmv.net
- Include detailed information about the vulnerability
- Allow reasonable time for investigation and fixes
Slothlet dynamically loads and executes JavaScript modules. When using Slothlet:
- Only load modules from trusted sources
- Validate input when using
contextorreferenceobjects - Be cautious with
mode: "vm"- it provides isolation but is not a security boundary - Consider the security implications of your specific use case
- Initial response: Within 48 hours
- Status update: Within 7 days
- Resolution timeline: Varies based on complexity
Thank you for helping keep Slothlet secure!