SECURITY.md

We take the security of our project seriously. If you believe you have found a security vulnerability, please report it through GitHub's Security tab:

1. Go to our repository's Security tab
2. Click "Report a vulnerability"
3. Fill out the form with:
   • A description of the vulnerability
   • Steps to reproduce the issue
   • Potential impact
   • Suggested fix (if any)

For more information on reporting security vulnerabilities through GitHub, visit:https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability

• We will acknowledge receipt of your report within 48 hours
• We will provide a more detailed response within 7 days
• We will work on fixing the issue and keep you informed of our progress
• Once the issue is resolved, we will publish a security advisory

• Security updates will be released as soon as possible after a vulnerability is confirmed
• Legacy versions will receive security updates for [X] months after release
• Updates will be clearly marked in our changelog

We recommend users:

• Keep dependencies up to date
• Use the latest stable version
• Enable security alerts in GitHub
• Regularly audit dependencies usingnpm audit or similar tools

• We follow responsible disclosure practices
• Vulnerabilities will be announced 7 days after a fix is released
• Critical vulnerabilities may be announced sooner depending on potential impact

• Enable security features in your implementation
• Follow our security configuration guide in the documentation
• Use environment variables for sensitive information

There aren’t any published security advisories