If you discover a security vulnerability in any w3-kit repository, please report it responsibly.
Do NOT open a public issue.
Instead, use GitHub's private vulnerability reporting on the affected repository. Include the following in your report:

- Description of the vulnerability
- Steps to reproduce
- Affected repository and version
- Potential impact

This policy covers all repositories in the w3-kit organization:

- cli
- registry
- config
- ui
- website
- learn
- contracts

Response timeline:

- Acknowledgment: within 48 hours
- Initial assessment: within 1 week
- Fix or mitigation: depends on severity, typically within 30 days

For vulnerabilities in w3-kit/contracts, please note that these are educational templates, not production-deployed contracts. We still take security seriously and will address reported issues promptly.

We support the latest published version of each package. Older versions do not receive security patches.