| Version | Supported |
|---|---|
| Latest | Yes |
We only provide security fixes for the latest release.
If you discover a security vulnerability in Reader, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, email nihal.codes@gmail.com with:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (optional)
- Acknowledgment within 48 hours of your report
- Status update within 7 days with an assessment and timeline
- Credit in the release notes (unless you prefer to remain anonymous)
The following are in scope:
- The
@vakra-dev/readernpm package - The Reader CLI tool
- The Reader Cloud API (
cloud.reader.dev)
The following are out of scope:
- Vulnerabilities in upstream dependencies (report these to the respective projects)
- Issues related to websites blocking scraping (this is expected behavior, not a vulnerability)
Reader is a web scraping tool. Users are responsible for complying with applicable laws and website terms of service. The project maintainers are not responsible for how the tool is used.