We take security seriously. Here’s what you need to know.

Do not use public GitHub issues. Contact via:

• Discord: s16dih (see source code)

Include:

• Type of vulnerability (e.g., xss, injection)
• Affected files and code location (branch, tag, commit, URL)
• Steps to reproduce
• Proof-of-concept, if available
• Potential impact

Timeline:

• Initial response: within 48 hours
• Status update: within 7 days
• Patch release: as soon as validated

• Basic sanitization may not catch all xss attacks
• yaml parser dependency (js-yaml) needs to be updated
• Client side only; handle sensitive data server-side

We will:

1. Confirm the issue and affected versions
2. Audit similar code
3. Prepare fixes
4. Release patched versions promptly

Last Updated: September 29, 2025 License: MIT (LICENSE file)