To report a vulnerability, please use GitHub Security Advisories rather than opening a public issue.

Secrets (Bluesky app password, Mastodon access token) are stored as Cloudflare Worker secrets via wrangler secret put and never appear in any file in this repository. wrangler.personal.toml is gitignored.

npm audit reports zero vulnerabilities. To verify: npm audit.