Library: maatify/bootstrap Maintainer: Mohamed Abdulalim (@megyptm) Organization: Maatify.dev License: MIT Version: 1.0.2 Last Updated: 2025-11-13

maatify/bootstrap is a foundational package — only the latest version receives updates.

If you discover a security vulnerability, please do NOT open a public GitHub issue. Instead, report it privately through:

• Email: security@maatify.dev
• GitHub Security Advisory: https://github.com/Maatify/bootstrap/security/advisories/new

Provide:

• Description + severity
• Steps to reproduce
• PHP version + OS
• Affected versions
• Suggested mitigation (optional)

Because this package handles environment loading, startup logic, and safe mode, its security demands are strict:

• No .env file may override pre-existing system variables.
• .env.local and .env.testing must never load in production.
• Test environments must load via immutable snapshots only.
• Sensitive environment values are never logged.

• Bootstrap::init() must never cause side effects outside its scope.
• Timezone auto-setup must use safe, validated values.
• Safe Mode protects production environments from accidental misconfiguration.

• Exception traces sanitized before logging.
• No leaking of sensitive environment paths.
• Consistent behavior across CLI, web, and CI environments.

• Overwriting CI credentials
• Overwriting PHPUnit test variables
• Loading .env.testing in production
• Logging actual .env secrets

• Protect .env.local, .env.testing, .env files from public access.

• On production servers:

  • Disable file browsing
  • Ensure .env is outside document root if possible
  • Use environment variables from systemd, Docker, or CI

• Do not store credentials inside repository

• Review Safe Mode warnings in your CI pipeline

For questions regarding security:

📧 security@maatify.dev
🌐 https://www.maatify.dev/security

_{© 2025 Maatify.dev — Maintained by @megyptm
Unified Bootstrap & Environment Loader for all Maatify PHP Libraries}