If you discover a security vulnerability in this repository, please report it privately. Do not open a public issue for security problems.
- Use GitHub's private vulnerability reporting ("Report a vulnerability" under the repository's Security tab), or
- Email the maintainers at the address listed in the repository description.
Please include:
- A description of the issue and its impact.
- Steps to reproduce or a proof of concept.
- Affected files, versions, or commits.
We aim to acknowledge reports within 5 business days.
This project's scripts read all credentials from environment variables (see
.env.example). Never commit real secrets.
- Keep API keys, tokens, and connection strings in a local
.envfile (which is git-ignored) or in your secret manager. - Do not paste real credentials, customer data, internal identifiers, or production exports into issues, pull requests, tests, or fixtures. Use the provided synthetic samples instead.
- If you believe a secret has been committed, treat it as compromised: rotate it immediately and notify the maintainers.