Please report security vulnerabilities via GitHub's private vulnerability reporting.
Do not open a public issue for security vulnerabilities.
Security reports are welcome for:
- The CLI (
src/) - The menubar installer (
src/menubar-installer.ts) - The macOS menubar app (
mac/) - The desktop app (
desktop/) - CI/CD workflows (
.github/workflows/)
Menubar release assets include a .sha256 checksum file. The installer verifies the checksum before extracting and launching the downloaded bundle.