Thank you for helping keep this project and its users safe!
This document outlines how to responsibly report security vulnerabilities and what you can expect in return.

Only actively maintained versions of this project receive security updates.
Please make sure you are using the latest release.

If you discover a security vulnerability, do not open a public issue.
Instead, please report it responsibly by following the steps below:

1. Email the maintainers:
   📧 viratiaki53@gmail.com

2. Include as much detail as possible:

   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact and affected versions
   • Suggested fixes (if any)

3. You will receive an acknowledgment within 48 hours (may vary) and a full response within 5–7 days (may vary).

If the vulnerability is confirmed, we will:

• Prepare a fix or mitigation plan
• Credit you (if desired)
• Release an update with security notes in the changelog

To help maintain a secure project environment:

• Keep dependencies updated (npm audit, pip audit, etc.)
• Never commit credentials or API keys
• Use .env for secrets and exclude it via .gitignore
• Regularly review permission scopes in APIs and workflows
• Use HTTPS for all network communications

We appreciate responsible disclosure and request that you:

• Do not exploit vulnerabilities for any reason
• Avoid public discussion until a patch is released
• Coordinate directly with maintainers for fixes

If you're unsure whether something is a security issue, you can contact the maintainers privately:
📧 viratiaki53@gmail.com