If you discover a security vulnerability, do not create a public issue.
Contact the maintainers directly by sending an email or private message with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
We commit to responding within 48 hours and prioritizing critical vulnerability fixes.
- Never commit secrets (
.env, API keys, tokens) - Always use environment variables for sensitive data
- Make sure
.envis in.gitignorebefore pushing