Please do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities privately via GitHub's private vulnerability reporting.

Include as much detail as possible: steps to reproduce, potential impact, and any suggested fixes. We aim to acknowledge reports within 48 hours and provide a fix or mitigation plan within 14 days.

Only the latest published version on npm receives security fixes.