Safrochain takes security seriously. We appreciate responsible disclosure and we will work with you to understand and resolve issues quickly.
This repository contains the Safrochain documentation site (Docusaurus). Even so, security issues can still matter: XSS in MDX, supply-chain risks, malicious links, or build pipeline abuse.
We accept security reports for:
- `main` (the currently deployed docs site)
- the most recent release tag (if tags are used)
Please do not open a public GitHub issue for a security report.
Instead, report privately:
- Email: security@safrochain.com
Include:
- A clear description of the issue and impact
- Steps to reproduce (PoC if possible)
- Affected file paths and URLs (e.g. `/validators/monitoring`)
- Your environment (OS, browser, Node version) if relevant
- Any suggested fix or mitigation
If you are reporting a security issue in the Safrochain chain software (not this docs site), still use the same address above and we will route it to the correct maintainers.
We aim to follow this timeline:
- Acknowledgement: within 72 hours
- Triage: within 7 days (severity, scope, and next steps)
- Fix and deploy: as quickly as practical, depending on severity
If we need additional information, we will ask follow-up questions.
- Do not access or modify other users' data.
- Do not run denial-of-service attacks.
- Do not use social engineering.
- Give us a reasonable time to remediate before public disclosure.
If you want attribution, tell us how you'd like to be credited when the fix is shipped.