| Version | Supported |
|---|---|
| 2.x.x | ✅ Active support |
| 1.x.x | ❌ End of life |

If you discover a security vulnerability in `@tiktool/live`, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.
Instead, email us at: security@tik.tools

Include in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (optional)

Response timeline:

- Acknowledgment: Within 48 hours
- Assessment: Within 5 business days
- Fix: Critical issues patched within 7 days

This policy covers:

- The `@tiktool/live` npm package
- The SDK source code in this repository
- The `api.tik.tools` API server

Out of scope:

- TikTok's own infrastructure
- Third-party services used alongside our SDK

When using `@tiktool/live`:

- Never commit API keys — use environment variables or secret managers
- Keep dependencies updated — run `npm audit` regularly
- Use HTTPS — the default `signServerUrl` uses HTTPS; never change to HTTP in production
- Rotate keys — if you suspect a key is compromised, regenerate it from your dashboard