# Security Policy

## Supported Versions

Until `@nestarc/webhook` reaches `1.0.0`, security fixes are provided for the
latest published version only.

## Reporting a Vulnerability

Report suspected vulnerabilities through GitHub private vulnerability reporting
for this repository.

If private reporting is unavailable, open a public issue that requests a private
contact channel, but do not include exploit details, secrets, tokens, logs, or
proof-of-concept code in the public issue.

Please include:

- Affected version
- Impacted component or API
- Reproduction steps or proof of concept
- Expected and observed behavior
- Any known workarounds

Security reports are prioritized ahead of regular bug reports. Confirmed issues
will be fixed in a patch release and documented in the changelog once disclosure
is appropriate.