We take security seriously and appreciate responsible disclosure.

We generally support the latest minor release published on npm. Please check the npm badge in README.md.

• Email: team.hookflo@gmail.com
• Subject: [Tern Security] Brief description
• Include: affected version(s), environment, minimal reproduction steps, and potential impact.

We aim to respond within 72 hours. If the report is valid, we will coordinate a fix and credit you (if desired) in the release notes.

• Please do not open public issues for security reports.
• We will provide a security advisory and a patched release as soon as feasible.
• If the issue is critical, we may privately notify major dependents before public disclosure.