# TODO: this document is still under construction

🛡️ At Extractable, we take security matters seriously, and we greatly appreciate your assistance in responsibly disclosing any security concerns you may discover. We are committed to addressing security issues promptly and transparently.

If you identify a security issue, please follow these steps:

1. Visit the Extractable GitHub Security Advisory "Report a Vulnerability" tab to submit your report.

2. Once we receive your report, our security team will promptly respond to acknowledge your valuable contribution.

3. After the initial acknowledgment, our security team will keep you informed about the progress toward a resolution and a full announcement. They may also request additional information or guidance from you if needed.

If you come across security issues related to third-party modules used by Extractable, we encourage you to report them to the maintainers of those modules. Alternatively, you can report a vulnerability in a third-party module through the npm contact form by selecting "I'm reporting a security vulnerability."

For a deeper understanding of Extractable's security notification process, please consult the Notifications section of the Security WG's Membership and Notifications Governance document.

Use this section to tell people about which versions of your project are currently being supported with security updates.