Security Policy
Bleu.js is committed to providing a secure and reliable platform for AI development. This security policy outlines our approach to security, vulnerability management, and support lifecycle.
Supported Versions
We provide security updates and support for the following versions:
Version | Supported | End of Support |
---|---|---|
4.x | ✓ | May 2027 |
3.x | ✓ | November 2025 |
1.1.x | ✓ | December 2025 |
Current Version Support
We currently support Bleu.js versions 1.1.x, 3.x, and 4.x with active security updates and maintenance.
For the latest features and security improvements, we recommend upgrading to the latest version. See our upgrading guide for assistance.
Reporting a Vulnerability
We encourage responsible disclosure of security vulnerabilities in Bleu.js. To report a security issue, please follow these steps:
- Do not disclose the vulnerability publicly - This could put users at risk
- Email us directly at [email protected]
- Include detailed information about the vulnerability, including:
  - Description of the issue
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if available)
- Allow us time to respond - We typically respond within 24-48 hours
Security Measures
Input Validation
All user inputs are validated and sanitized to prevent injection attacks and data corruption.
Authentication
Secure authentication using Clerk with OAuth providers and proper session management.
Rate Limiting
Comprehensive rate limiting to prevent abuse and ensure fair usage across all plans.
Data Protection
Encryption in transit and at rest, with secure API key management and data handling.
Security Updates
We release security updates as soon as possible after discovering vulnerabilities. Updates are distributed through our normal release channels:
- NPM - npm update bleujs
- GitHub Releases - Release Notes
- Security Advisories - Security Advisories
Bug Bounty Program
We offer a bug bounty program for security researchers who find and responsibly disclose vulnerabilities. See our Bug Bounty Program for details.
Important: If you discover a security vulnerability, please report it privately to [email protected] before disclosing it publicly.