Only the latest published release of Spraxium MDX receives security fixes. The extension is distributed through the Visual Studio Code Marketplace.
| Version | Supported |
|---|---|
| 1.x | Yes |
Do not open a public GitHub issue for security vulnerabilities.
Report vulnerabilities by emailing hello@spraxium.com. Include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept (if applicable)
- VS Code version, extension version, and operating system
We will acknowledge your report within 5 business days and aim to release a patched version to the Marketplace within 30 days of confirmation.
Once the vulnerability is resolved, we will publish a security advisory on GitHub and credit the reporter unless anonymity is requested.
This extension runs entirely inside VS Code and does not transmit any data externally. The attack surface is limited to:
- TextMate grammar injection into MDX/Markdown files open in the editor
- In-process analysis of file content for diagnostics and completions
- Reading VS Code workspace configuration
Out of scope: issues in VS Code itself, the MDX language runtime, the Marketplace infrastructure, or third-party dependencies not controlled by this project.