If you discover a security vulnerability, please report it by:

1. Do NOT open a public issue
2. Send a private report via GitHub Security Advisories
3. Or email the maintainer directly

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

You can expect:

• Acknowledgment within 48 hours
• Status update within 7 days
• Credit in the fix release (unless you prefer anonymity)

Thank you for helping keep vfv secure.