Security Policy¶
nirs4all-formats parses untrusted binary and text files. Readers must fail closed.
Runtime Rules¶
Bound all reads and decompression.
Reject archive path traversal, absolute paths, symlinks and device files.
Preserve native values but report NaN/Inf and non-monotonic axes.
Never execute vendor macros or embedded scripts.
Treat GPS, operator names, serial numbers and comments as potentially sensitive metadata.
Reporting¶
Before public releases, report issues directly to the maintainer. After the GitHub repository is public, use GitHub private vulnerability reporting if enabled.