| Version | Supported |
|---|---|
| 0.1.x | Yes |

If you discover a security vulnerability in this package, please report it responsibly.
Do not open a public GitHub issue.
Instead, email security@stll.app with:
- A description of the vulnerability.
- Steps to reproduce.
- The affected version(s).
- Any potential impact assessment.

We will acknowledge your report within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.

This package is a native addon (NAPI-RS) implementing Myers' bit-parallel fuzzy matching algorithm in Rust. Security concerns may include:
- Memory safety issues in the Rust/NAPI boundary.
- Denial of service via crafted input patterns or haystacks (e.g., quadratic blowup in match extraction).
- Incorrect boundary handling leading to out-of-bounds reads.
- Information leakage through match offsets on untrusted input.