| Version | Supported |
|---|---|
| 1.x.x | ✅ |

If you discover a security vulnerability in DevTo-MCP, please report it responsibly.
Please do NOT open a public GitHub issue for security vulnerabilities.

- Email: Send a detailed report to furkankoykiran@hotmail.com
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Resolution: Depending on severity, typically within 2-4 weeks
- You will receive an acknowledgment of your report
- We will investigate and validate the vulnerability
- We will work on a fix and coordinate disclosure
- You will be credited in the security advisory (unless you prefer anonymity)

When using DevTo-MCP:
- Never commit your API key to version control
- Use environment variables for API key configuration
- Rotate your DEV Community API key periodically
- Review the permissions associated with your API key

This security policy applies to the DevTo-MCP package and its dependencies.