If you discover a security vulnerability, please report it by opening an issue or contacting the maintainers directly. Do not post sensitive information publicly.
- No hardcoded secrets or credentials in code
- Use environment variables or configuration files excluded from version control
- Validate and sanitize all user input
- Use parameterized queries for database access
- Keep dependencies up to date
- Review code for security issues before merging