We actively maintain and provide security updates for the following versions of MeridianAlgo.js:

We take security vulnerabilities seriously. If you discover a security vulnerability in MeridianAlgo.js, please follow these steps:

Security vulnerabilities should be reported privately to prevent exploitation.

Send an email to: security@meridianalgo.org

Include the following information:

• Description - Clear description of the vulnerability
• Steps to Reproduce - Detailed steps to reproduce the issue
• Impact Assessment - Potential impact and severity
• Affected Versions - Which versions are affected
• Proposed Fix - If you have a suggested fix (optional)

• Initial Response: Within 24 hours
• Status Update: Within 72 hours
• Resolution: Within 30 days (depending on severity)

• We will work with you to understand and reproduce the issue
• We will develop and test a fix
• We will coordinate the release of the fix
• We will credit you for the discovery (if desired)

1. Keep Updated - Always use the latest version of MeridianAlgo.js
2. Validate Input - Always validate input data before passing to indicators
3. Handle Errors - Implement proper error handling in your applications
4. Secure Dependencies - Regularly audit your project dependencies
5. Environment Variables - Never commit API keys or sensitive data

1. Input Validation - All functions include robust input validation
2. Error Handling - Custom IndicatorError class for consistent error handling
3. Type Safety - Full TypeScript support prevents many runtime errors
4. Testing - Comprehensive test suite covers edge cases and error conditions
5. Documentation - Clear documentation helps prevent misuse

• No Data Collection - MeridianAlgo.js does not collect or transmit any data
• Local Processing - All calculations are performed locally
• Minimal Dependencies - Reduced attack surface through minimal external dependencies

• No Storage - The library does not store financial data
• No Transmission - No data is transmitted to external servers
• Local Only - All processing happens in your application

• Open Source - Full source code is available for review
• Regular Audits - Code is regularly reviewed for security issues
• Dependency Scanning - Automated scanning for vulnerable dependencies
• Static Analysis - ESLint and TypeScript provide additional security checks

Currently, there are no known security vulnerabilities in MeridianAlgo.js.

Before using MeridianAlgo.js in production:

• Update to the latest version
• Review your input validation
• Implement proper error handling
• Test with edge cases
• Review your application's security posture
• Consider rate limiting for high-frequency usage
• Implement proper logging and monitoring

• npm audit - Check for vulnerable dependencies
• Snyk - Continuous security monitoring
• OWASP ZAP - Web application security testing
• ESLint Security Plugin - Static analysis for security issues

# Check for vulnerable dependencies
npm audit

# Fix automatically fixable vulnerabilities
npm audit fix

# Run security-focused linting
npm run lint -- --ext .ts,.js src/

• Email: security@meridianalgo.org
• Response Time: 24 hours
• PGP Key: Available upon request

• GitHub Issues: https://github.com/MeridianAlgo/Javascript-Packages/issues
• GitHub Discussions: https://github.com/MeridianAlgo/Javascript-Packages/discussions

This security policy may be updated from time to time. Significant changes will be announced through:

• GitHub releases
• Email notifications to security contacts
• Website announcements

We thank the security researchers and community members who help keep MeridianAlgo.js secure by:

• Reporting vulnerabilities responsibly
• Contributing security improvements
• Participating in security discussions
• Maintaining security best practices

Last Updated: November 30, 2025
Version: 2.0.0
Next Review: February 28, 2026

Copyright (c) 2025 Meridian Algorithmic Research Team