Skip to content

Security: xh/hoist-dev-utils

Security

SECURITY.md

Security Policy

Extremely Heavy takes the security of its code and clients very seriously, and we welcome any and all reports of possible vulnerabilities or security-related issues with both Hoist code and its declared dependencies.

Reporting a Vulnerability

To report any issues, or if you have any questions, please contact us immediately at [email protected]. We will respond to all genuine, security-related reports or questions within one US business day.

Secure Usage

Hoist is a toolkit designed to allow professional developers to build advanced enterprise web applications with the support of XH in the form of direct development, co-development, and/or consulting services. As such, many decisions critical to the security of Hoist-powered applications are highly specific to implementation choices made during the design and development process, including but not limited to the choice of other project dependencies, creation and interaction with any Hoist or third-party server APIs, input sanitization, authentication protocols, and more.

Hoist is not and does not claim to be fully secure "out of the box" - it is dependent upon application developers to make and implement security decisions appropriate to their particular application and its deployment.

There aren’t any published security advisories