If you discover a security vulnerability in any tskovlund repository, please report it responsibly.
Do not open a public issue.
Instead, use one of these methods:
- GitHub Private Vulnerability Reporting — click "Report a vulnerability" in the Security tab of the affected repository
- Email — thomas@skovlund.dev
Include:
- Description of the vulnerability
- Steps to reproduce
- Affected versions (if known)
- Suggested fix (if any)
I aim to acknowledge reports within 48 hours and provide a fix or mitigation plan within 7 days. Critical vulnerabilities will be prioritized.
This policy applies to all public repositories under tskovlund.