If you discover a security vulnerability, please report it responsibly:

1. Do not open a public GitHub issue for security vulnerabilities
2. Email the maintainer or use GitHub's private vulnerability reporting
3. Include a description of the vulnerability and steps to reproduce

You can expect an initial response within 48 hours, and we will work with you to understand and address the issue promptly.

• Keep dependencies up to date
• Review code changes carefully before merging
• Never commit secrets, API keys, or credentials to the repository