Responsible Disclosure
Security Policy
Report vulnerabilities privately so maintainers can triage and patch before public disclosure.
Supported Versions
Security fixes are provided for the latest 1.x release line.
How to Report
Send details to:
prateekbhujelpb@gmail.com
Include:
- Impacted package version
- Reproduction steps or proof of concept
- Expected and observed behavior
- Potential impact assessment
Do not open public GitHub issues for unpatched vulnerabilities.
Response Targets
- Initial acknowledgement: within 72 hours
- Triage update: within 7 days
- Patch release: prioritized by severity