This project, Proofly, is a versatile receipt generator offering invoice creation, tax calculations, multi-currency support, PDF exports, bulk generation, and barcode integration. The project ensures data security and protects sensitive information during interactions.
If you discover a security vulnerability in this project, please follow these steps:
- Do not disclose the issue publicly. Instead, contact the repository maintainers directly.
- Open an issue on the repository or send an email to kurosen930@gmail.com.
- Provide clear steps to reproduce and any potential fixes or patches.
We prioritize secure coding practices to mitigate common vulnerabilities, such as:
- Injection Attacks: All input data is sanitized before processing.
- Cross-Site Scripting (XSS): User input is escaped to prevent XSS.
- Cross-Site Request Forgery (CSRF): Security tokens are used to prevent CSRF attacks.
This project uses third-party libraries. Ensure that these dependencies are up-to-date and monitor for any vulnerabilities.
- Use npm audit to check for outdated or insecure dependencies.
- Follow security updates for all dependencies and apply patches as needed.
Sensitive information such as API keys and environment variables should not be committed directly to the repository. Instead, store secrets securely using GitHub Secrets, and use environment variables in your codebase.
- Protect sensitive branches (e.g.,
main,production) with branch protection rules. - Restrict permissions for collaborators and ensure access to sensitive parts of the project is granted based on the principle of least privilege.
- Use CI/CD tools to ensure all tests pass and security scans are run before deployment.
- Enable HTTPS for all environments to encrypt data during transmission.
This project is licensed under the MIT License. See the LICENSE file for more information.
We thank all contributors and the open-source community for helping make this project more secure.