# Security Policy

## Supported versions

Security fixes are handled for the latest published npm version and the current
`main` branch.

## Reporting a vulnerability

Please report vulnerabilities privately through GitHub Security Advisories:

<https://github.com/phongndo/pi-threads/security/advisories/new>

If the advisory form is unavailable, contact the maintainer through
<https://github.com/phongndo> and avoid posting exploit details in a public
issue.

Please include:

- Affected version or commit.
- Steps to reproduce or a proof of concept.
- Impact and any known mitigations.

The maintainer will acknowledge reports as soon as practical, coordinate a fix,
and publish public details after users have had a reasonable opportunity to
upgrade.
