dataprof 0.8.1

High-performance data profiler with ISO 8000/25012 quality metrics for CSV, JSON/JSONL, and Parquet files
# Security Policy

## Supported Versions

We actively support the following versions of dataprof:

| Version | Supported          |
| ------- | ------------------ |
| 0.7.x   | :white_check_mark: |
| 0.6.x   | Security fixes     |
| < 0.6   | :x:                |

## Reporting a Vulnerability

We take the security of dataprof seriously. If you discover a security vulnerability, please report it responsibly.

### How to Report

1. Do NOT create a public GitHub issue for security vulnerabilities
2. Use GitHub's private security advisory feature to report issues
3. Contact the maintainer through GitHub for urgent matters

### What to Include

When reporting a security vulnerability, please include:

- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity
- Any proposed fixes or mitigations
- Your contact information for follow-up

### Response Timeline

- Acknowledgment: We will acknowledge receipt within 48 hours
- Initial Assessment: We will provide an assessment within 5 business days
- Status Updates: Progress updates every 7 days
- Resolution: We aim to resolve critical vulnerabilities within 30 days

### Disclosure Policy

- We will work with you to understand and resolve the issue quickly
- We will acknowledge your responsible disclosure publicly (with your permission)
- We will coordinate public disclosure timing with you

## Security Best Practices

When using dataprof:

- Keep your Rust toolchain updated
- Use the latest version of dataprof
- Be cautious when analyzing untrusted data files
- Review generated HTML reports before sharing them
- Use appropriate file permissions for sensitive data

## Security Features

dataprof is designed with several security considerations in mind:

- Local file profiling makes no network connections; data is processed locally only
- Remote URL profiling (`async-streaming` / `parquet-async` features) and database
  profiling (`postgres`, `mysql`, `sqlite` features) do make outbound network
  connections to the configured endpoints — review URLs and connection strings
  before profiling untrusted sources
- HTML reports contain only analysis results, not raw data
- No persistent storage of analyzed data
- Memory-safe Rust implementation

Thank you for helping keep dataprof secure!