Thanks for helping keep sanity-plugin-seofields and its users safe.
If you believe you have found a security vulnerability, please do not open a public GitHub issue. Report it privately first so there is time to investigate and ship a fix.
Security fixes are currently provided for the latest published major version of the plugin.
| Version | Supported |
|---|---|
1.x (latest release) |
✅ Yes |
| Older releases | ❌ No |
If you are running an older release, upgrade to the latest 1.x version before requesting support.
Please email hello@thehardik.in with:
- A clear description of the issue
- The affected package version
- Your Sanity Studio version and Node.js version
- Reproduction steps or a minimal test case
- The impact you expect (for example: XSS, data exposure, privilege escalation, SSRF)
- Any suggested fix or mitigation, if you have one
If possible, include:
- A proof of concept
- Stack traces, logs, or screenshots
- Whether the issue affects Studio runtime, frontend helpers, CLI commands, or Schema.org output
Please avoid sharing the report publicly until a fix or mitigation is available.
After a report is received:
- I will acknowledge receipt as soon as possible.
- I will investigate and confirm whether the report is a valid vulnerability.
- If confirmed, I will work on a fix and coordinate a release.
- Once a fix is available, I may ask you to help verify it.
I appreciate responsible disclosure and will do my best to keep you informed during the process.
This policy covers security issues in the npm/ package, including:
- The published
sanity-plugin-seofieldspackage - Next.js helpers exported from
sanity-plugin-seofields/next - Schema.org helpers exported from
sanity-plugin-seofields/schemaandsanity-plugin-seofields/schema/next - The
seofieldsCLI shipped with the package
Non-security bugs, feature requests, and documentation issues should be reported through the normal GitHub issues flow: