We only provide security fixes for the latest published version. Since the package is published daily with fresh data, we recommend always using the latest version.

If you discover a security vulnerability, please report it responsibly:

1. Do not open a public GitHub issue for security vulnerabilities
2. Instead, use GitHub private vulnerability reporting

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Assessment: Within 1 week
• Fix: As soon as possible, depending on severity

This policy covers the educhk npm package and the associated Cloudflare Worker API.