We release patches for security vulnerabilities in the following versions:

If you discover a security vulnerability in this project, please report it by:

1. Do not open a public issue
2. Email the maintainer at: [security contact email]
3. Or use GitHub's private vulnerability reporting feature

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will respond to security reports within 48 hours and will keep you updated on the progress toward a fix.

• Never commit sensitive data (API keys, passwords, tokens)
• Keep dependencies up to date
• Pin dependencies to a specific version
• Avoid automatic lifecycle scripts (preinstall, postinstall, & prepare)
• Follow secure coding practices
• Use signed commits when possible