Thank you for taking the time to responsibly disclose security issues in Auto-Ship.

If you discover a potential security vulnerability, please do not open a public issue. Instead, email the maintainers privately at: ashmitkumar1020@gmail.com

When reporting, include:

• A clear description of the issue and impact.
• Steps to reproduce, including minimal proof-of-concept if possible.
• Affected versions or commit hash.
• Any logs, stack traces or screenshots that help reproduce the problem.

Response timeline

• We will acknowledge receipt within 48 hours.
• We aim to provide an initial assessment and mitigation plan within 7 days.
• For critical vulnerabilities we will prioritize fixes and coordinate disclosure.

• Please give maintainers a reasonable time to fix the issue before publicly disclosing details (typically 60–90 days depending on severity).
• We will coordinate public disclosure and credit the reporter unless they request anonymity.

• Security fixes are provided for the current main branch and the latest released tag. If you are unsure whether a release is supported, contact the security email.

• Avoid sending sensitive secrets when reporting issues. If secrets are required to reproduce, share them via secure channels or use redacted examples and instructions to recreate the scenario.