Thank you for helping keep Packy and its users safe!

If you discover a security vulnerability, do not disclose it publicly. Please follow these steps:

1. Email the maintainers at [email protected] or use the GitHub security advisory feature.
2. Provide as much detail as possible, including:
   • Affected version(s)
   • Steps to reproduce
   • Impact and severity
   • Any suggested fixes
3. Wait for a response. We aim to acknowledge all reports within 48 hours.

• Do not create public issues for security vulnerabilities.
• We will coordinate with you to validate, address, and disclose the issue responsibly.
• Credit will be given to reporters unless requested otherwise.

We support the latest major release of Packy. Please ensure you are using the latest version before reporting.

This policy may be updated as needed. For questions, contact the maintainers.