If you discover a security vulnerability in this project, please report it responsibly.
Do not open a public issue.
Instead, use GitHub's private vulnerability reporting:
- Go to Security → Advisories → New draft advisory
- Describe the vulnerability and its potential impact
- Include steps to reproduce if possible
You should receive a response within 7 days. If the vulnerability is confirmed, a fix will be prioritized and a security advisory published with the patch release.
This policy covers the restyle-sprites npm package and its source code. It does not cover third-party dependencies — please report those to the respective maintainers.
This project uses:
- Gitleaks in CI to prevent accidental secret commits
- npm provenance on published packages
- Dependency pinning via pnpm-lock.yaml