# Security Policy

## Reporting a Vulnerability

The Astryx team takes security seriously. If you discover a security issue,
please bring it to our attention right away.

**Please do not file a public issue.** Public issues are visible to anyone, and
disclosing a vulnerability before it is fixed puts Astryx users at risk.

### Meta Bug Bounty

Meta has a [bounty program](https://bugbounty.meta.com/) for the safe disclosure
of security bugs. Please report security issues there. We will respond as quickly
as possible.

### What to Include

When reporting, please include as much information as practical:

- A description of the issue and its impact
- Steps to reproduce, or a proof-of-concept
- Affected versions or packages
- Any potential mitigations you've identified

## Supported Versions

Only the latest released version of each `@astryxdesign/*` package receives security
updates. Please keep your dependencies current.