| Version | Supported |
|---|---|
| Latest | ✅ |

Only the latest published version of Heroshot receives security updates.

If you discover a security vulnerability, please report it responsibly:

- Do not open a public GitHub issue
- Email ondrej@macha.la with:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
- You will receive an acknowledgment within 48 hours
- A fix will be prioritized and released as soon as possible

Heroshot is a CLI tool that automates browser screenshots using Playwright. Security concerns may include:
- Command injection via config files or CLI arguments
- Arbitrary file write/overwrite through output paths
- Unsafe handling of user-provided URLs or selectors
- Dependencies with known vulnerabilities

We follow coordinated disclosure. Once a fix is released, we will credit reporters (unless anonymity is requested) in the release notes.