| Version | Supported |
|---|---|
| 1.1.x | ✅ |
| 1.0.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability in this package, please report it by:
- Do not open a public issue
- Email the maintainer directly at: [your-email@example.com]
- Include a detailed description of the vulnerability
- Include steps to reproduce if applicable
We will respond to security reports within 48 hours and provide a timeline for fixes.
This package:
- Contains only CSS and TypeScript code
- Has no runtime dependencies
- Uses only CSS counters (no JavaScript execution)
- Does not process user input at runtime
- Does not make network requests
The package is designed to be secure by default with minimal attack surface.