
Security: xcodethink/pixelcheck


SECURITY.md

Security Policy

Supported Versions

pixelcheck follows semantic versioning. We provide security patches according to the schedule below.

| Version | Status | Patches until |
|---|---|---|
| 1.x | ✅ Active | TBD (next major) |
| 0.x | ⚠ Pre-release | No patches; upgrade to 1.x |

After a major version (e.g., 2.0) ships, the previous major (1.x) receives critical security patches for 6 months, then enters end-of-life.


Reporting a Vulnerability

Do not file public GitHub issues for security reports.

Use GitHub Security Advisories (the only supported private channel for v1.0):

  • Visit: https://github.com/xcodethink/pixelcheck/security/advisories/new
  • Allows private discussion + coordinated disclosure with maintainers
  • Tracks the lifecycle (acknowledged → triaged → fixed → CVE issued) natively within GitHub

A dedicated email channel may be added in v1.x for users who cannot access GitHub Security Advisories (regulated networks, etc.). Until then, please use GHSA as described above.

We aim to:

  • Acknowledge within 72 hours
  • Provide initial assessment within 7 days
  • Publish a fix within 30 days for critical severity, 90 days for moderate

We follow coordinated disclosure: the researcher and the maintainers agree on a public-disclosure date that falls after a fix ships and downstream users have had time to upgrade.


Known Accepted Risks (v1.0.0)

Update 2026-05-03: T-NEW-1 (Stagehand v3 upgrade) executed earlier than planned — see ADR-035 (originally filed as ADR-029, renumbered 2026-05-05 to resolve a slot conflict with the M9-3.2 file-lock-race ADR). Stagehand v3.3.0 dropped both vulnerable transitive dependencies, so the three waivers below are closed. The full text is preserved here as a historical record of v1.0.0's accepted-risk posture.

1. ai SDK — file-type whitelist bypass (GHSA-rwvc-j5jr-mgvh) — CLOSED

  • Severity: Moderate
  • Source: @browserbasehq/stagehand@2.5.8 → ai
  • Vulnerable behavior: Vercel AI SDK's file-upload endpoint whitelist can be bypassed when uploading user-supplied files.
  • Why it was not exploitable in pixelcheck@1.0.x: We do not call the ai SDK's file-upload functionality. Stagehand uses ai for prompt formatting only; no file uploads cross this code path.
  • Resolution: Stagehand 3.3.0 no longer depends on ai SDK. Verified by npm audit post-upgrade — finding is gone.

2. jsondiffpatch HtmlFormatter::nodeBegin XSS (GHSA-33vc-wfww-vjfv) — CLOSED

  • Severity: Moderate
  • Source: @browserbasehq/stagehand@2.5.8 → jsondiffpatch
  • Vulnerable behavior: HtmlFormatter::nodeBegin does not properly escape user-controlled values, leading to cross-site scripting if the formatted HTML is rendered in a browser.
  • Why it was not exploitable in pixelcheck@1.0.x: We do not use jsondiffpatch's HtmlFormatter. Stagehand uses jsondiffpatch for internal plan diffing (server-side, never rendered as HTML to a browser). No HTML output reaches a user surface from this code path.
  • Resolution: Stagehand 3.3.0 no longer uses jsondiffpatch. Verified by npm audit post-upgrade.

3. (One additional low-severity transitive) — CLOSED

  • Severity: Low
  • Source: Stagehand v2.5.8 transitive
  • Resolution: Removed alongside the two findings above when Stagehand v3.3.0 replaced its dependency tree.

Post-Stagehand-v3 transitive cleanup (2026-05-03)

Stagehand v3.3.0 introduced a new set of 5 transitive moderate findings (4 distinct advisories, one of them reached via two dependency paths; all different from the v1.0 set listed above):

| Package | GHSA | Severity | Resolution |
|---|---|---|---|
| langsmith | GHSA-v34v-rq6j-cj6p — SSRF via Tracing Header Injection | moderate | Resolved via overrides.langsmith: ^0.6.0 |
| langsmith | GHSA-fw9q-39r9-c252 — Prototype Pollution via incomplete __proto__ guard | moderate | Same override |
| langsmith | GHSA-rr7j-v2q5-chgv — Streaming token events bypass output redaction | moderate | Same override |
| uuid | GHSA-w5hq-g745-h8pq — Missing buffer bounds check in v3/v5/v6 | moderate | Resolved via overrides.uuid: ^14.0.0 |
| uuid | (same finding, reached via a second dependency path) | moderate | Same override |

Both overrides are validated at runtime by the T5 Stagehand smoke test (real Chromium + Anthropic API exercising act / extract / observe). The forced versions are major bumps over what @browserbasehq/stagehand@3.3.0 and @langchain/core declare in their dependencies, but Stagehand runs cleanly against them. Because the smoke test is the only evidence of that compatibility, it must be re-run whenever Stagehand, @langchain/core, or either override changes.

Result: npm audit --production reports 0 vulnerabilities.

CI policy

After ADR-035 + the post-v3 override cleanup above, CI runs npm audit --production --audit-level=moderate (tightened from the v1.0 --audit-level=high gate). All historical waivers are closed.

When @browserbasehq/stagehand ships a new minor / patch that bumps its own internal langsmith / uuid pins, the overrides block can be removed in a follow-up PR (the override is harmless to keep but unnecessary once upstream catches up).
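A check that makes the two claims above testable, added here as an illustration and not pixelcheck's own tooling: it reads the overrides block from package.json and the packages map of package-lock.json (npm lockfileVersion 2/3 layout), reports any installed copy of an overridden package that still falls outside the forced range (the case where npm ci installs a lockfile that was never regenerated after the override was added), and flags an override as removable once every dependent's own declared range already satisfies it. The package.json, both lockfiles, and every version number in them are constructed sample data, not the project's real dependency declarations; the caret-range check is a deliberately minimal stand-in for the semver package.

```javascript
'use strict';
// Added example (not pixelcheck's own code): verify that package.json
// "overrides" govern the tree recorded in package-lock.json, and flag
// overrides that have become redundant because every package depending on
// the overridden name already declares a compatible range.
// Assumes npm lockfileVersion 2/3: lock.packages is keyed by install path
// ("" = root, "node_modules/<name>", deeper paths for nested duplicates),
// each entry carrying "version" and its declared "dependencies".

// Minimal version handling so the script needs no semver dependency.
// Only caret ("^X.Y.Z") and exact override ranges are supported, which is
// all the two overrides in this policy use.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparsable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Does a concrete version fall inside an override range?
function satisfies(version, range) {
  const v = parseVersion(version);
  if (range.startsWith('^')) {
    const min = parseVersion(range.slice(1));
    // Caret semantics: same major, or same minor when the major is 0
    // (so ^0.6.0 means >=0.6.0 <0.7.0, as for the langsmith override).
    const sameLine = min[0] === 0 ? v[0] === 0 && v[1] === min[1] : v[0] === min[0];
    return sameLine && compare(v, min) >= 0;
  }
  return compare(v, parseVersion(range)) === 0;
}

// Strip the range operator to get the floor a declared range admits
// ("^11.0.0" -> "11.0.0", ">=0.3.2" -> "0.3.2").
function floorOf(range) {
  return range.replace(/^[\^~>=<\s]+/, '');
}

function auditOverrides(pkg, lock) {
  const report = {};
  const entries = Object.entries(lock.packages);
  for (const [name, range] of Object.entries(pkg.overrides || {})) {
    // Every installed copy, top-level or nested under another package.
    const installed = entries
      .filter(([p]) => p === `node_modules/${name}` || p.endsWith(`/node_modules/${name}`))
      .map(([p, meta]) => ({ path: p, version: meta.version }));
    // Copies the override did not reach (typical cause: lockfile not
    // regenerated after the override was added; npm ci installs it as-is).
    const violations = installed.filter((c) => !satisfies(c.version, range));
    // Packages that declare a dependency on `name`, with the range they ask for.
    const dependents = entries
      .filter(([, meta]) => meta.dependencies && meta.dependencies[name])
      .map(([p, meta]) => ({ path: p || '(root)', declared: meta.dependencies[name] }));
    // Approximation: the override is redundant once the floor of every
    // dependent's own range already lies inside the override range.
    const redundant = dependents.length > 0 &&
      dependents.every((d) => satisfies(floorOf(d.declared), range));
    report[name] = { range, installed, violations, dependents, redundant };
  }
  return report;
}

// Constructed sample data; versions and pins are illustrative, not real.
const samplePkg = { overrides: { langsmith: '^0.6.0', uuid: '^14.0.0' } };

// Stale lockfile: overrides were added to package.json but npm install was
// not re-run, so a nested uuid copy still resolves to the old major.
const staleLock = { lockfileVersion: 3, packages: {
  '': { dependencies: { '@browserbasehq/stagehand': '^3.3.0' } },
  'node_modules/@browserbasehq/stagehand': { version: '3.3.0', dependencies: { uuid: '^11.0.0', '@langchain/core': '^0.3.0' } },
  'node_modules/@langchain/core': { version: '0.3.0', dependencies: { langsmith: '^0.3.0', uuid: '^10.0.0' } },
  'node_modules/@langchain/core/node_modules/uuid': { version: '10.0.0' },
  'node_modules/langsmith': { version: '0.6.1', dependencies: { uuid: '^14.0.0' } },
  'node_modules/uuid': { version: '14.0.0' },
} };

// Later lockfile: upstream has bumped its own pins, so both overrides are
// now redundant and the overrides block can be dropped.
const caughtUpLock = { lockfileVersion: 3, packages: {
  '': { dependencies: { '@browserbasehq/stagehand': '^3.4.0' } },
  'node_modules/@browserbasehq/stagehand': { version: '3.4.0', dependencies: { uuid: '^14.0.0', '@langchain/core': '^0.4.0' } },
  'node_modules/@langchain/core': { version: '0.4.0', dependencies: { langsmith: '^0.6.0', uuid: '^14.0.0' } },
  'node_modules/langsmith': { version: '0.6.2', dependencies: { uuid: '^14.0.0' } },
  'node_modules/uuid': { version: '14.1.0' },
} };

for (const [label, lock] of [['stale', staleLock], ['caught-up', caughtUpLock]]) {
  for (const [name, r] of Object.entries(auditOverrides(samplePkg, lock))) {
    const bad = r.violations.map((v) => `${v.path}@${v.version}`).join(', ') || 'none';
    console.log(`[${label}] ${name} ${r.range}: violations=${bad}; redundant=${r.redundant}`);
  }
}
```

Run it against a real checkout by replacing the two sample objects with `require('./package.json')` and `require('./package-lock.json')`; a non-empty violations list is the signal to regenerate the lockfile before trusting the npm audit result, and redundant=true for both names is the signal that the follow-up PR removing the overrides block is due.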


Dependency Security Practices

  • Weekly automated scans: GitHub Dependabot opens PRs for new vulns (see .github/dependabot.yml)
  • CI gate (T26+T27): every PR runs npm audit --production --audit-level=moderate as a required check (the v1.0 gate was --audit-level=high; it was tightened after ADR-035 and the override cleanup, see CI policy above)
  • License compliance (T28): every PR runs license-checker against an allowlist (see docs/THIRD_PARTY_LICENSES.md)
  • SBOM (T29): release artifacts include a CycloneDX SBOM at GitHub Releases
  • Lockfile: package-lock.json is committed; CI installs with npm ci, which installs exactly the locked tree and fails if package.json and the lockfile disagree

Scope

This policy covers vulnerabilities in:

  • The pixelcheck source code (CLI, MCP server, library)
  • The Node.js modules we directly publish under dist/
  • Our package.json direct + transitive dependencies (where we have upgrade authority)

This policy does not cover:

  • Vulnerabilities in Anthropic Claude API infrastructure (report to Anthropic directly)
  • Vulnerabilities in Chromium (report upstream to the Chromium Security team)
  • Issues in user-supplied scenarios / personas (user responsibility)
  • Issues in audited target sites (user responsibility)

Privacy / Data Handling

For data-handling concerns (what data is collected, where it is sent, retention), see PRIVACY.md (added in T22).


Last updated: 2026-05-01 (T0.6 initial draft); Known Accepted Risks section updated 2026-05-03.
Policy owner: project maintainers
