Security Info Detect & Parse #54

@toderash

Check packages for security contact information. Typical locations include:

  • Security: (email or url) plugin header if WP package
  • SECURITY.txt or SECURITY.md in package root (any package; case-insensitive)
  • If an "official" website URL is given, check the .well-known security URI at domain.com/.well-known/security.txt

VDP

  • If a VDP exists, we want to show that in the json output, but it won't be a reliable yes/no at first since we'll only find it by parsing the above locations, if any are found. A future enhancement could check APIs from Patchstack et al, but we won't have a reliable source until the package publisher includes it in their own meta.
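
The checks listed above, as an added Python example that is not part of the issue or the project's code. It assumes the security files carry RFC 9116-style `Contact:`/`Policy:` lines, treats a `Policy:` field as the only VDP hint, and returns the well-known URL for the caller to fetch; all function names and sample values are hypothetical.

```python
import json, re, tempfile
from pathlib import Path
from urllib.parse import urlsplit

# "Security:" line in a plugin header comment; value must be on the same line
HEADER_RE = re.compile(r"^[ \t/*#@]*Security:[ \t]*(\S+)", re.I | re.M)
# Assumption: SECURITY.txt / SECURITY.md carry RFC 9116-style fields
FIELD_RE = re.compile(r"^(Contact|Policy):[ \t]*(\S+)", re.I | re.M)
SECURITY_FILES = {"security.txt", "security.md"}

def well_known_url(site_url):
    """Build the .well-known security.txt URL for an 'official' site URL."""
    host = urlsplit(site_url if "//" in site_url else "//" + site_url).hostname
    return f"https://{host}/.well-known/security.txt" if host else None

def parse_security_txt(text):
    """Collect Contact and Policy values from security.txt-style text."""
    found = {"contact": [], "policy": []}
    for name, value in FIELD_RE.findall(text):
        found[name.lower()].append(value)
    return found

def detect(package_root, site_url=None):
    """Scan the package root only; the well-known URL is returned, not fetched."""
    result = {"header": [], "files": {}, "well_known": None, "vdp": "unknown"}
    for entry in sorted(p for p in Path(package_root).iterdir() if p.is_file()):
        if entry.name.lower() in SECURITY_FILES:  # case-insensitive name match
            text = entry.read_text(encoding="utf-8", errors="replace")
            result["files"][entry.name] = parse_security_txt(text)
        elif entry.suffix.lower() == ".php":
            # first 8192 chars, roughly the 8 KB WordPress scans for headers
            head = entry.read_text(encoding="utf-8", errors="replace")[:8192]
            result["header"] += HEADER_RE.findall(head)
    if site_url:
        result["well_known"] = well_known_url(site_url)
    if any(f["policy"] for f in result["files"].values()):
        result["vdp"] = "found"  # absence stays "unknown", never "no"
    return result

def demo():
    """Run detect() on a constructed package; every value here is made up."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "plugin.php").write_text(
            "<?php\n/*\n * Plugin Name: Demo\n * Security: security@example.org\n */\n")
        Path(tmp, "Security.TXT").write_text(
            "Contact: mailto:security@example.org\nPolicy: https://example.org/vdp\n")
        return detect(tmp, "https://example.org/plugins/demo")

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `vdp` field only ever moves from `unknown` to `found`, matching the issue's point that a missing file is not a reliable "no".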

Status: Ready