jsonlt-javascript is currently in early development. Security updates apply to the latest version only.

jsonlt-javascript supports Node.js versions that have not reached end-of-life (EOL). When a Node.js version reaches EOL, the next minor release drops support for that version.

Supported versions start at Node.js 20 LTS

See the Node.js Release Schedule for the official EOL schedule.

If you discover a security vulnerability in jsonlt-javascript, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please use GitHub's private vulnerability reporting feature:

1. Go to the Security tab of the repository
2. Click "Report a vulnerability"
3. Fill out the form with details about the vulnerability

For more information, see Privately reporting a security vulnerability.

When reporting, please include:

1. A description of the vulnerability
2. Steps to reproduce the issue
3. Potential impact assessment
4. Any suggested fixes (optional)

• Acknowledgment - Expect acknowledgment of your report within 48 hours
• Assessment - Investigation and severity assessment within 7 days
• Resolution - Critical vulnerabilities receive fixes within 30 days
• Disclosure - Disclosure timing coordinated with you

Thank you to the security research community for identifying and responsibly disclosing vulnerabilities.