If you discover a security vulnerability in the YON toolchain, please report it responsibly:
- DO NOT file a public GitHub issue.
- Email office@younndai.com with:
- A description of the vulnerability and its potential impact
- Steps to reproduce, or a proof of concept (if safe to share)
- Affected packages and versions
- Suggested severity: Critical, High, or Moderate
Responsible disclosure preserves the safety of every downstream user.
| Action | SLA |
|---|---|
| Acknowledgement | 72 hours |
| Initial assessment | 7 calendar days |
| Remediation or advisory | 30 calendar days |
Critical issues are prioritized and may be patched ahead of the stated window where feasible.
The latest released minor of each @younndai/* toolchain package is supported.
Security fixes land on the current release line; older lines are upgraded
forward rather than back-patched unless otherwise noted in an advisory.
We commit to:
- Acknowledging your report within the timeline above
- Working with you to verify and reproduce the vulnerability
- Coordinating a public disclosure date that gives users time to update
- Crediting you in the security advisory (unless you prefer anonymity)
© 2026 MARLINK TRADING SRL (YounndAI).