Skip to content

Security: nbsp1221/tossinvest-openapi

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Do not report vulnerabilities with credentials, access tokens, account numbers, order payloads, or other sensitive financial data in a public GitHub issue.

Report security-sensitive problems by opening a private security advisory on GitHub:

https://github.com/nbsp1221/tossinvest-openapi/security/advisories/new

If the advisory flow is unavailable, open a public issue with only a minimal description and state that details can be shared privately. Do not include secrets or account-specific data.

Scope

Security reports are in scope when they affect this SDK, its generated types, package distribution, examples, documentation that can cause unsafe credential handling, or the release workflow.

Problems in Toss Securities Open API itself should be reported to Toss Securities through their official channels.

Supported Versions

Only the latest published TypeScript package version receives security fixes.

There aren't any published security advisories