Skip to content

Security: Israleche/powershell-istar-pack

Security

SECURITY.md

Security Policy

Supported Versions

Istar Pack is a single-file PowerShell script. Only the latest released version receives security updates. Older versions are supported on a best-effort basis.

Version Supported
latest
older

Reporting a Vulnerability

If you discover a security vulnerability in Istar Pack (for example, the script writing unexpected files, executing untrusted commands, or failing to respect its documented backup/rollback behavior), please do not open a public issue.

Instead, report it privately:

You can expect an acknowledgement within 72 hours. Once the issue is confirmed, we will work on a fix and coordinate a disclosure timeline with you. Credit will be given in the fix unless you prefer to remain anonymous.

Scope Notes

Istar Pack installs third-party software (Scoop, Oh My Posh, Zoxide, FZF, 7-Zip, Nerd Fonts) and modifies your PowerShell profile. Vulnerabilities in those upstream projects should be reported to their respective maintainers; this policy covers Istar Pack's own code only.

There aren't any published security advisories