We take security seriously. If you discover a potential security issue, please follow the guidelines below.
- Do not create a public issue for security vulnerabilities.
- Email security@novustech.io with:
- A clear description of the issue
- Steps to reproduce
- Impact and suggested mitigation
We will respond within 72 hours and coordinate a fix and disclosure plan.
We appreciate responsible disclosure. Do not exploit or publicly disclose vulnerabilities before a fix is available.
Keep third-party dependencies up to date. The project uses pnpm and a lockfile is included.