pervigil is pre-1.0 and follows semantic versioning.
Security fixes land on the latest released minor — please upgrade to the most
recent 0.x release before reporting.
| Version | Supported |
|---|---|
latest 0.x |
✅ |
| older | ❌ |
Please report security issues privately — do not open a public issue or PR.
Use GitHub's private vulnerability reporting: Report a vulnerability (repo Security tab → "Report a vulnerability").
Expect an initial response within a few days. Once a fix is ready it will be released and the advisory published with credit, unless you prefer to remain anonymous.
pervigil has zero runtime dependencies and ships no native addons — it
invokes the operating system's own sleep-inhibitor mechanism (caffeinate,
systemd-inhibit, or PowerShell's SetThreadExecutionState). Reports about how
those OS processes are spawned, or about the integrity of the published package,
are especially welcome.
Releases from v0.5.0 onward are published from CI via npm Trusted Publishing
(OIDC) with build provenance attestation. Verify a downloaded copy with:
npm audit signatures