Skip to content

Security: wfps60412/Preupload-Guard

Security

SECURITY.md

Security Policy / 安全政策

Scope / 範圍

PreUpload Guard is a local, heuristic scanner and sanitizer. It reduces accidental disclosure risk; it does not certify a file as safe and does not replace credential rotation, access control, or security review.

PreUpload Guard 是本機啟發式掃描與去識別化工具。它用來降低意外外流風險,不保證檔案絕對安全,也不能取代憑證輪換、存取控制或資安審查。

Supported versions / 支援版本

The latest tagged release is supported. Security fixes are normally made on the default branch and released as soon as practical.

只支援最新已標記發布版。安全修正通常會先進入預設分支,再盡快發布。

Reporting a vulnerability / 回報弱點

Do not open a public issue with a real key, password, token, document, database, screenshot, or exploit payload.

Before the first public release, repository maintainers should enable GitHub’s private vulnerability reporting. Use the repository’s Security tab and “Report a vulnerability” flow. If that flow is not enabled, contact the maintainer privately through the repository owner profile and provide only a minimal redacted reproduction.

請不要在公開 issue 放入真實金鑰、密碼、Token、文件、資料庫、截圖或 exploit payload。

首次公開發布前,維護者應啟用 GitHub 的私密弱點回報功能。請使用儲存庫的 Security 分頁與「Report a vulnerability」流程。若尚未啟用,請透過 repository owner 的 GitHub 個人頁私下聯繫,且只提供最小化、遮罩後的重現步驟。

Safe report contents / 安全回報內容

Include:

  • Version and operating system.
  • Redacted steps to reproduce.
  • Expected and actual behavior.
  • Whether the issue concerns scanning, sanitization, reports, archives, or CLI exit codes.

Never include:

  • Real credentials, private keys, passwords, tokens, payment data, user data, full diagnostics, or original source files.

There aren't any published security advisories