Security: PhilipJohnBasile/philjs

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.0.x

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability, please follow these steps:

Do NOT

  • Open a public GitHub issue
  • Discuss the vulnerability publicly before it's fixed

Do

  1. Email us directly at security@philjs.dev with:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Any suggested fixes
  2. Allow time for response - We aim to respond within 48 hours
  3. Coordinate disclosure - We'll work with you to understand and fix the issue before any public disclosure

What to Expect

  1. Acknowledgment - We'll confirm receipt of your report within 48 hours
  2. Assessment - We'll investigate and determine the severity
  3. Fix - We'll develop and test a fix
  4. Release - We'll release the fix and credit you (if desired)
  5. Disclosure - We'll publish a security advisory

Scope

This policy applies to:

  • All packages in the philjs monorepo
  • Official PhilJS documentation site
  • Official PhilJS examples

Recognition

We appreciate security researchers who help keep PhilJS safe. With your permission, we'll acknowledge your contribution in:

  • Release notes
  • Security advisories
  • Our contributors list

Thank you for helping keep PhilJS and its users safe!

There aren’t any published security advisories