If you discover a security vulnerability, please do not open a public issue. Instead, email security concerns to the maintainer directly.

• All dependencies are scanned via Dependabot
• Commits are linted and formatted automatically
• Code is linted with xo (including security rules)
• Tests must pass before merge
• No secrets or credentials in repositories

We actively monitor and update dependencies. Security patches are prioritized and released as patch versions.