| Version | Supported |
|---|---|
| 0.1.x | Yes |

If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public issue.
- Email daniel@welldundun.com with:
  - A description of the vulnerability
  - Steps to reproduce
  - Potential impact
- You will receive acknowledgment within 48 hours.
- We will work with you to understand and fix the issue before any public disclosure.

This is a CLI tool that reads local filesystem contents and produces JSON output. It does not:
- Make network requests
- Execute arbitrary code from repositories it audits
- Store or transmit user data

The primary attack surface is malicious content in repository files that could cause unexpected behavior during audit/scaffold operations.