If you discover a security vulnerability in this project, please report it responsibly:

1. Do not open a public GitHub issue for security vulnerabilities
2. Email the maintainer directly or use GitHub's private vulnerability reporting feature
3. Include a detailed description of the vulnerability and steps to reproduce

You can expect:

• Acknowledgment of your report within 48 hours
• Regular updates on the progress of addressing the vulnerability
• Credit in the security advisory (if desired) once the issue is resolved

This project implements the following security practices:

• Dependency scanning with OSV Scanner
• Static analysis with CodeQL
• OpenSSF Scorecard monitoring
• Pinned GitHub Actions dependencies