We take security seriously and appreciate the efforts of the security research community in responsibly disclosing vulnerabilities. If you discover a security vulnerability in this repository, please report it.
When reporting a vulnerability, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue (if applicable)
- The affected versions
- Any potential impact or exploitation details
- Your contact information for follow-up
Please allow us up to 90 days to acknowledge and address reported vulnerabilities before public disclosure.
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| Latest | ✅ Yes |
| Previous Major | ✅ Yes |
| Older versions | ❌ No |
- Keep your local copy of this repository up to date
- Review commits before pulling updates
- Report any suspicious activity or vulnerabilities
- Follow secure coding practices
- Review dependencies for known vulnerabilities
- Do not commit sensitive information (credentials, API keys, etc.)
- Sign your commits when possible
We regularly monitor and update our dependencies to ensure they are free of known vulnerabilities. Contributors are encouraged to:
- Run
npm auditor equivalent tools for your package manager - Report outdated or vulnerable dependencies
- Keep pull requests up to date with the latest security patches
We appreciate the security research community's efforts in helping us maintain a secure repository. Responsible disclosure helps us protect our users and community.
Last Updated: 2026-01-14