We actively maintain the latest release of node-hhru-api. Security updates will only be provided for the most recent version.
Older versions will not receive security fixes unless explicitly stated.
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
If you discover a security vulnerability, please help us keep the ecosystem safe by reporting it responsibly:
Please open a public GitHub issue.
This project is designed to provide a Node.js client for the hh.ru API. As the project evolves, new endpoints will be supported, including but not limited to:
- Authorization & token refresh
- User data
- Employer & vacancies
- Resumes
- Other hh.ru API methods
All API request wrappers added in the future will follow the same security review process.
- Always use the latest version of the library.
- Do not expose your `client_secret` or `access_token` in public repositories or logs.
- Use environment variables for sensitive credentials.
- Rotate tokens regularly.
- When implementing authentication flows, always use HTTPS and secure redirect URIs.
We strongly encourage coordinated disclosure. If a vulnerability is confirmed, we will:
- Publish a security advisory on GitHub.
- Release a patched version as quickly as possible.
- Credit the reporter (unless anonymity is requested).