Security

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

Open a private GitHub security advisory. Do not file a public issue for security vulnerabilities.

Practices

Follow OWASP Top 10 guidelines.
No hardcoded secrets or credentials in source code.
Review dependencies for known CVEs before inclusion.
Validate all user input at system boundaries.

There aren't any published security advisories