Please do not open a public GitHub issue for security vulnerabilities.
Report vulnerabilities by emailing dev@sequence.xyz with the subject line
[SECURITY] react-native-sdk — <brief description>.
Include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- Affected versions (check
package.jsonfor the current version)
We aim to acknowledge reports within 2 business days and to provide a fix or mitigation timeline within 7 business days.
| Version | Supported |
|---|---|
| 0.1.x-alpha | ✅ Active development |
| Earlier | ❌ Not supported |
This policy covers the @0xsequence/oms-react-native-sdk npm package and the native bridge modules
in android/ and ios/. Example apps (examples/) are not considered in scope.