The latest published npm version of @hamshad/pie-chart receives security updates. Older versions are not maintained.
| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |
Please DO NOT create a public GitHub issue for security concerns.
Instead, email the maintainer privately at: . If you prefer, you can also use GitHub's private security advisory feature.
Provide as much of the following as possible to help triage efficiently:
- Description and potential impact
- Steps to reproduce / proof of concept
- Affected version(s)
- Possible remediation ideas (if any)
- You will receive acknowledgment of receipt (typically within 72 hours).
- The report will be investigated and a severity assigned.
- A fix will be developed and prepared for release.
- A new version will be published and you will be credited (unless you prefer otherwise).
This library is purely client-side UI code. Typical risks involve:
- DOM-based XSS (e.g., unsafe rendering of untrusted labels)
- Performance-related denial of service (extremely large data sets)
If you discover an issue outside this scope that still poses risk to consumers, please report it.
- Sanitize or validate any user-generated labels before passing them into the component.
- Limit extremely large data arrays to avoid performance degradation.
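
The two recommendations above can be applied in one validation step before data reaches the component. The following is an added example, not code from @hamshad/pie-chart: the `{ label, value }` item shape, the function names, and all three limits are assumptions to adapt to your own data and to the component's actual props.

```javascript
// Added example: validate untrusted chart data before rendering.
// The { label, value } item shape and the limits below are assumptions,
// not the documented API of @hamshad/pie-chart.
const MAX_INPUT_ITEMS = 10000; // assumed: refuse larger inputs outright
const MAX_SLICES = 50;         // assumed: cap on slices actually rendered
const MAX_LABEL_LENGTH = 64;   // assumed: cap on label length

// Normalise first so full-width look-alikes of "<" and ">" are folded,
// then drop angle brackets, control characters and bidi overrides.
// The result is plain text and should still be rendered as text, not HTML.
function cleanLabel(raw) {
  const text = String(raw ?? "")
    .normalize("NFKC")
    .replace(/[\u0000-\u001f\u007f-\u009f\u200b-\u200f\u202a-\u202e\u2066-\u2069<>]/g, "")
    .trim();
  if (text.length === 0) return "(unlabelled)";
  return text.length > MAX_LABEL_LENGTH ? text.slice(0, MAX_LABEL_LENGTH - 1) + "…" : text;
}

function prepareChartData(items) {
  if (!Array.isArray(items)) throw new TypeError("chart data must be an array");
  if (items.length > MAX_INPUT_ITEMS) throw new RangeError("chart data too large");
  const valid = [];
  for (const item of items) {
    const value = item?.value;
    // Skip anything a pie slice cannot represent: non-numbers, NaN, Infinity, zero, negatives.
    if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) continue;
    valid.push({ label: cleanLabel(item.label), value });
  }
  if (valid.length <= MAX_SLICES) return valid;
  // Keep the largest slices and fold the tail into a single bucket.
  valid.sort((a, b) => b.value - a.value);
  const head = valid.slice(0, MAX_SLICES - 1);
  const rest = valid.slice(MAX_SLICES - 1).reduce((sum, s) => sum + s.value, 0);
  return [...head, { label: "Other", value: rest }];
}

// Constructed sample input, as it might arrive from a form or an API response.
const sampleInput = [
  { label: "<b>Q1</b>", value: 40 },
  { label: "Q2\u202E", value: 60 },
  { label: "bad", value: NaN },
];
console.log(prepareChartData(sampleInput));
```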
Thanks for helping keep the ecosystem safe! 🙏