You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you discover a security vulnerability in BytePDF, please **do not** open a public GitHub issue.
12
+
13
+
Instead, report it privately via [GitHub Security Advisories](https://github.com/sumitsahoo/bytepdf/security/advisories/new).
14
+
15
+
You can expect:
16
+
17
+
-**Acknowledgement** within 48 hours
18
+
-**Status update** within 7 days
19
+
- Credit in the advisory once the fix is released (if desired)
20
+
21
+
## Security Model
22
+
23
+
BytePDF is a **client-side only** application — all PDF processing happens in your browser. No files or data are transmitted to any server. The attack surface is limited to:
24
+
25
+
- Third-party npm dependencies (monitored via `pnpm audit` in CI and Dependabot)
26
+
- Browser sandbox escape (out of scope — report to the browser vendor)
27
+
28
+
## Dependency Vulnerabilities
29
+
30
+
Known dependency vulnerabilities are tracked automatically via GitHub Dependabot and the weekly security audit workflow. If you spot one that has not been addressed, please follow the disclosure process above.
0 commit comments