Poku is an open-source project, so you can see both the Source Code on GitHub Repository and the Distribution Code on NPM.
Some test runners use eval
, Poku prefers to use spawn
to create a isolated process securely for each test file.
See the Protective Measures in the documentation.
Currently, security updates will be applied to the following versions of Poku:
Version | Supported |
---|---|
1.x.x | ✅ |
0.x.x | ❌ |
- Please, give detailed reports
- Include steps to reproduce the vulnerability, and if possible, a patch or workaround.
- Include the specific version of Poku you are using.
Please report it privately: https://github.com/wellwelwel/poku/security/advisories.
- Once the issue has been resolved, you will be attributed a part of the report.
Let's keeping Poku safe 🐷