Security: vadchil/livechat

SECURITY.md

Security Policy

Supported Versions

We actively support the following versions with security updates:

Version Supported
0.1.x

Reporting a Vulnerability

If you discover a security vulnerability, please do not open a public issue. Instead, please report it privately by:

  1. Opening a private security advisory on GitHub
  2. Or emailing the maintainers directly

We will respond to security vulnerabilities as quickly as possible and work with you to fix and release a patch.

Security Best Practices

For Users

  • Never commit .env.local or any file containing secrets
  • Use strong, unique passwords
  • Enable two-factor authentication on Supabase
  • Regularly update dependencies: npm audit and npm update
  • Keep your Supabase project secure with proper RLS policies

For Developers

  • Always use environment variables for sensitive data
  • Review and test RLS policies before deploying
  • Keep dependencies up to date
  • Use npm audit to check for vulnerabilities
  • Follow the principle of least privilege in database policies

Known Security Considerations

  • This application uses Supabase for authentication and as its database
  • Row Level Security (RLS) is enabled on all tables
  • All API keys should be kept secret and never exposed in client-side code
  • The NEXT_PUBLIC_* prefix means these variables are exposed to the browser - only use for non-sensitive configuration
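
The check below is an added example, not code from this repository. It scans .env-style text for NEXT_PUBLIC_ variables whose names look sensitive and checks whether a .gitignore covers .env.local. The variable names, the name patterns and the handled .gitignore patterns are assumptions chosen for illustration.

```javascript
// Added example (not from the livechat repo): flags risky entries in .env-style text.
// SENSITIVE_NAME is an assumed heuristic for "this name looks like a secret".
const SENSITIVE_NAME = /(SECRET|SERVICE_ROLE|PRIVATE|PASSWORD|TOKEN)/i;

// Parse KEY=VALUE lines, skipping blanks and comments; tolerates "export " and quotes.
function parseEnv(text) {
  const entries = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith("#")) return;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) return;
    const value = m[2].replace(/^(['"])(.*)\1$/, "$2");
    entries.push({ name: m[1], value, line: i + 1 });
  });
  return entries;
}

// Findings: non-empty NEXT_PUBLIC_ variables (browser-visible) with secret-like names.
function findExposedSecrets(text) {
  return parseEnv(text)
    .filter((e) => e.name.startsWith("NEXT_PUBLIC_") && e.value !== "")
    .filter((e) => SENSITIVE_NAME.test(e.name))
    .map((e) => ({ name: e.name, line: e.line }));
}

// True when a .gitignore body ignores .env.local (handles a small pattern subset only).
function ignoresEnvLocal(gitignoreText) {
  const known = [".env.local", ".env*", ".env.*", ".env*.local", "*.local"];
  let ignored = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const negated = line.startsWith("!");
    const pat = (negated ? line.slice(1) : line).replace(/^\//, "");
    if (known.includes(pat)) ignored = !negated; // later rules override earlier ones
  }
  return ignored;
}

// Constructed sample input; names are assumed and values are placeholders, not real keys.
const sampleEnv = [
  "# constructed example",
  "NEXT_PUBLIC_SUPABASE_URL=https://example.invalid",
  "NEXT_PUBLIC_SUPABASE_ANON_KEY=placeholder-anon",
  "NEXT_PUBLIC_SUPABASE_SERVICE_ROLE_KEY=placeholder-service-role",
  "SUPABASE_SERVICE_ROLE_KEY=placeholder-service-role",
].join("\n");

console.log(findExposedSecrets(sampleEnv), ignoresEnvLocal("node_modules\n.env*.local\n"));
```

A name-based heuristic only catches obvious mistakes; it does not inspect values, so a secret stored under an innocuous NEXT_PUBLIC_ name still needs manual review.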

Security Updates

We regularly update dependencies to patch security vulnerabilities. Always keep your dependencies up to date:

npm audit
npm audit fix

There aren’t any published security advisories