| Version | Supported |
|---|---|
| 0.1.x | ✅ |

If you discover a security vulnerability in Lore, please report it responsibly.
Do NOT open a public issue for security vulnerabilities.
Instead, please email namishsaxena@gmail.com with:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes (optional)
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Assessment: We will assess the vulnerability and determine its severity
- Resolution: We will work on a fix and coordinate disclosure timing with you
- Credit: We will credit you in the release notes (unless you prefer to remain anonymous)
When using Lore:
- Keep Lore updated to the latest version
- Review imported content before adding to your knowledge base
- Don't store secrets in knowledge entries (API keys, passwords, tokens)
- Use `.gitignore` appropriately - the SQLite database (`lore.db`) is gitignored by default
- Review JSONL exports before committing to ensure no sensitive data is included
This security policy covers the Lore CLI tool and its packages:
- `@lore/cli`
- `@lore/core`
- `@lore/mcp`
Third-party dependencies are managed through standard npm security practices.