Security: ChecKMarKDevTools/devto-mirror

SECURITY.md

🛡 SECURITY.md

🦄 “It’s not a bug, it’s an impromptu feature demo.” —A developer, probably. Hopefully not me.

Hey. I'm Ashley—the one and only human behind this repo (and all the others here or with the CheckMarK name on them). If you’ve stumbled across something security-related—a leak, a loophole, a weird edge case with evil vibes—thank you. I want to hear about it.

🚨 What Counts as a Security Issue?

Here’s what I definitely want to know about:

  • Secrets or API keys doing the walk of shame outside .env
  • Auth bypasses, permission bugs, impersonation quirks, or “wait how did you even get here” moments
  • Security vulnerabilities in dependencies or automation
  • Anything that lets someone do ✨spicy✨ things they shouldn’t

Things that don’t count (but I admire your curiosity):

  • DoS attacks that require you to summon CPU demons with 100k requests per second
  • Bugs that are annoying but not security-related
  • Stuff that breaks only in IE6, Node 10, or cursed edge cases from 2012

📬 How to Report It

Please don’t open a public issue that starts with “this whole repo is a security disaster” or "repo insecure AF."

Instead, email me directly at:

✉️ human@checkmarkdevtools.dev

Include:

  • What you found
  • How to reproduce it
  • Bonus points for screenshots, logs, or cursed diagrams in Notion or Paint

I’ll read it. I’ll fix it. I might even send back a thank-you gif (no promises, depends how dramatic it is).

🤝 Responsible Disclosure Policy

  • I take security seriously, even if this file doesn’t sound like it.
  • Let me know privately so I can fix things before they hit the internet and I'm drinking weird caffeinated mixtures after dark.
  • If it’s legit, I’ll shout you out—or not, if you prefer to remain the cool mysterious hacker in the shadows.
  • Please don’t publish it before I’ve had time to clean up the mess. I’ll be fast. Probably...

Thanks for keeping the chaos constructive. 🫶

— Ashley
CheckMarK DevTools
human@checkmarkdevtools.dev
