We take the security of AlbionKit seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via email to: support@albionkit.com

Include as much information as possible:

• Description of the vulnerability
• Steps to reproduce
• Affected versions
• Any potential impact
• Suggested fixes (if any)

You should receive a response within 48 hours acknowledging your report.

1. Initial Response (48 hours)

   • Acknowledgment of your report
   • Initial assessment of severity

2. Investigation (5-7 days)

   • Security team investigates
   • Reproduction attempts
   • Impact analysis

3. Resolution (Timeline varies)

   • Fix development
   • Testing
   • Deployment

4. Disclosure

   • Coordinated disclosure plan
   • Credit (if desired)
   • Public advisory if critical

• Never share your API keys or credentials
• Use strong, unique passwords
• Enable 2FA where available
• Keep your browser updated
• Report suspicious activity

• Never commit .env files or secrets
• Use environment variables for sensitive data
• Sanitize all user inputs
• Validate data on both client and server
• Follow secure coding practices
• Review dependencies for vulnerabilities

• ✅ Environment variable protection
• ✅ HTTPS enforcement (production)
• ✅ Input validation
• ✅ SQL injection prevention (via Firebase)
• ✅ XSS protection (via Next.js)
• ✅ CSRF protection
• ✅ Rate limiting on API routes
• ✅ reCAPTCHA on forms

• 🔄 Content Security Policy (CSP)
• 🔄 Security headers enhancement
• 🔄 Dependency vulnerability scanning
• 🔄 Automated security testing

We regularly update dependencies and monitor for vulnerabilities:

# Check for outdated packages
npm outdated

# Check for known vulnerabilities
npm audit

# Auto-fix vulnerabilities
npm audit fix

Security updates are released as soon as patches are available. Critical updates may be released outside the normal release cycle.

Stay informed about security updates:

• Watch the repository for releases
• Follow @Albion_Kit
• Join our Discord community (Coming soon)!

Currently, we do not offer a bug bounty program. However, we do provide:

• Public recognition in SECURITY.md (if desired)
• Contributor role on Discord
• Swag for critical vulnerabilities

For any security-related questions:

• Email: support@albionkit.com
• Discord: Security channel

If you value security in open source, consider supporting us:

• GitHub Sponsors
• Buy Me a Coffee

Last Updated: March 2026