| Version | Supported |
|---|---|
| latest | Yes |
Please do not report security vulnerabilities through public GitHub Issues.
Instead, report them via GitHub Security Advisories. This allows us to assess and fix the issue before public disclosure.
When reporting, please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We aim to respond within 48 hours and will work with you to understand and resolve the issue promptly.
We follow coordinated disclosure. Once a fix is released, we will:
- Publish a security advisory on GitHub
- Credit the reporter (unless anonymity is requested)
- Release a patched version to npm