Use this section to tell people about which versions of your project are currently being supported with security updates.
| Version | Supported | 
|---|---|
| 1.0.x | ✅ | 
| < 1.0 | ❌ | 

We take the security of our project seriously. If you believe you've found a security vulnerability, please follow these steps:

- Do Not Open a Public Issue
  - Security vulnerabilities should not be reported through our public issue tracker.
- Email the Project Maintainer
  - Send an email to [email protected] (replace with your actual contact email)
  - Include as much information as possible about the vulnerability
  - If possible, include steps to reproduce the issue
- Response Time
  - We will acknowledge receipt of your vulnerability report within 48 hours
  - We will send you regular updates about our progress
- Disclosure Policy
  - Once we have addressed the vulnerability, we will notify you
  - We will publicly disclose the vulnerability after it has been fixed
  - We will credit you for discovering the vulnerability (unless you prefer to remain anonymous)

When using this library:

- Keep Dependencies Updated
  - Always use the latest version of `@webmasterdevlin/json-server`
  - Regularly check for updates of all your dependencies
- Production Usage Caution
  - This tool is primarily intended for development and testing environments
  - If used in production, implement proper authentication and authorization
  - Consider putting the server behind a reverse proxy or API gateway
- Data Exposure
  - Be careful about what data you include in your JSON database files
  - Don't include sensitive or personal information in development databases
- Network Security
  - Consider restricting access to the server to localhost when not needed externally
  - Use the `--host` option to bind to specific interfaces only when required
- Read-Only Mode
  - When possible, use the `--read-only` flag to prevent data modifications
 
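To act on the Data Exposure advice above, a database file can be checked before it is committed or served. The following is an added example, not part of this project's code: `findSensitiveFields`, the name patterns and the sample database are hypothetical and constructed here, and the patterns are a starting heuristic rather than a complete list.

```javascript
// Added example: walk a parsed JSON database and report fields that look sensitive.
// Field-name heuristics (assumption: adjust to your own data model).
const RISKY_KEY = /passw(or)?d|secret|token|api[_-]?key|ssn|card[_-]?number/i;
// Domains reserved for documentation and testing are treated as safe placeholders.
const RESERVED = /(^|\.)(example\.(com|net|org)|test|example|invalid|localhost)$/i;

function looksLikeRealEmail(value) {
  const match = /^[^\s@]+@([^\s@]+\.[^\s@]+)$/.exec(value);
  return match !== null && !RESERVED.test(match[1]);
}

const VALUE_CHECKS = [
  ['email address', looksLikeRealEmail],
  ['private key material', (v) => /-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(v)],
  ['JWT-like token', (v) => /^eyJ[\w-]+\.[\w-]+\.[\w-]+$/.test(v)],
];

function findSensitiveFields(node, path = '$', findings = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findSensitiveFields(item, `${path}[${i}]`, findings));
  } else if (node !== null && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      const childPath = `${path}.${key}`;
      if (RISKY_KEY.test(key)) {
        findings.push({ path: childPath, reason: 'sensitive field name' });
      }
      findSensitiveFields(value, childPath, findings);
    }
  } else if (typeof node === 'string') {
    for (const [reason, check] of VALUE_CHECKS) {
      if (check(node)) findings.push({ path, reason });
    }
  }
  return findings;
}

// Constructed sample database (in practice: JSON.parse of your db file).
const sampleDb = {
  users: [
    { id: 1, name: 'Test User', email: 'jane.doe@corp-mail.internal', passwordHash: 'x' },
    { id: 2, name: 'Placeholder', email: 'user2@example.test' },
  ],
  posts: [{ id: 1, title: 'Hello', authorId: 1 }],
  settings: { apiKey: 'constructed-value', theme: 'dark' },
};

for (const f of findSensitiveFields(sampleDb)) console.log(`${f.path}: ${f.reason}`);
```

Run as a pre-commit or CI step, a non-empty result can fail the build so that flagged fields are reviewed before the file is shared.
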
```javascript
// Secure configuration example
import { create } from '@webmasterdevlin/json-server';

const server = create({
  // Bind only to localhost for development
  host: 'localhost',
  // Enable read-only mode to prevent data modifications
  readOnly: true,
  // Disable CORS for more security when not needed
  noCors: true,
});

server.loadDatabase('./safe-db.json');
server.start();
```

Thank you for helping keep this project and its users secure!