Hi, @Tessil
Thanks for sharing your project with us. Your contribution is greatly appreciated.
Could you add a SECURITY.md file which describes how to report a vulnerability to you privately if users find one?
You can do it on the Security page, which will give you a template file; just put some key information (such as an email address or a vulnerability submission link) in the SECURITY.md and commit it.
Besides, it's strongly recommended to enable GitHub security features:
- Static Application Security Testing (SAST)
  Implementing SAST tools is crucial as it allows us to detect vulnerabilities at an early stage of the development cycle.
  You can check it on the Settings - Code security page, where you can enable the Code scanning options.
- Branch Protection
  Enabling branch protection rules and mandatory code reviews can significantly reduce the risk of introducing vulnerabilities. The important branches should be protected because they should not be deleted or force-pushed by mistake.
  You can check it on the Settings - Branches page; you can click Add branch ruleset or Add classic branch protection rule to protect one or more branches.
Thanks.
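As an added illustration of the code-scanning step suggested above (this is not part of the comment above and not a file from the project), the same SAST setup can be committed as a GitHub Actions workflow at `.github/workflows/codeql.yml` instead of being enabled only through the Settings UI. The workflow below uses the official `github/codeql-action` actions; the branch name `main` and the analysed language `cpp` are assumptions and should be adjusted to the repository.

```yaml
# Added example: CodeQL code scanning on every push and pull request.
# Assumptions: default branch is "main" and the code base is C/C++ ("cpp").
name: "CodeQL"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # Least privilege: the job only needs to read the repo and upload SARIF results.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ "cpp" ]   # assumption; add e.g. "python" or "javascript" as needed

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Initialises the CodeQL tooling for the selected language(s).
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      # Attempts to build compiled languages so CodeQL can trace the compilation.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      # Runs the queries and uploads findings to the Security > Code scanning tab.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Once this workflow runs on a pull request, a branch ruleset on `main` can additionally require the `Analyze` check to pass before merging, which ties the SAST and branch-protection suggestions together.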