This repository is part of NamoID — an identity provider, so we take security seriously even in our client libraries and examples. If you've found a vulnerability, please report it privately so we can fix it before it gets exploited.
Email: hello@namoid.in
Please do not open a public GitHub issue for security reports.
Include:
- A clear description of the issue and where you found it (repo, file + line, package version, or a URL if it's a hosted surface).
- Reproduction steps — the minimum required for us to trigger it.
- Impact assessment: who is affected, what data is exposed, what capability is gained.
- Optional: a suggested fix.
We'll acknowledge within 48 hours and give a triage decision within 5 business days. We'll credit you in the release notes if you'd like — anonymous reports are welcome too.
This repo is an Upptime-powered status page and configuration repo. The most relevant findings here are things like:
- Secret handling issues in GitHub Actions/workflows (token leakage, unsafe logging).
- Misconfigurations that could expose internal endpoints or sensitive metadata.
- Dependency vulnerabilities that affect the generated status site or checks.
Findings against the NamoID hosted service itself (*.id.namoid.in,
api.namoid.in) are also welcome — email the same address with the details
above.
If you act in good faith — no data exfiltration beyond proof-of-concept, no service disruption, no targeting of other people's accounts, and you give us time to fix before disclosing — we won't pursue legal action against you.