If you discover a security vulnerability, please report it responsibly.

1. Do NOT create a public GitHub issue
2. Send details to: [Telegram Handle] (Telegram)
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Acknowledgment: Within 24 hours
• Initial Response: Within 48 hours
• Resolution: ASAP depending on severity

• Never commit API keys to repository
• Use environment variables
• Rotate keys regularly

• Keep npm packages updated
• Review new dependencies
• Run npm audit regularly

• Encrypt sensitive data at rest
• Use HTTPS for all connections
• Implement least privilege access

Last Updated: 2026-05-17