If you discover a security vulnerability in PrismGuard, please report it privately to the maintainers.
Do not create a public issue for security vulnerabilities.

We actively maintain security patches for the latest stable release of PrismGuard.
Older versions may not receive fixes, so we recommend keeping your installation up to date.

When running PrismGuard, we recommend:

• Keep your .env file private. Do not commit it to GitHub or share it publicly.
• Use strong, unique passwords for your database and API keys.
• Limit permissions for your bot token and database account to only what PrismGuard requires.
• Regularly update dependencies to patch known vulnerabilities.

1. Acknowledge the report quickly.
2. Investigate and verify the vulnerability.
3. Provide a fix or mitigation.
4. Coordinate public disclosure with the reporter if necessary.

• Node.js Security Best Practices
• PostgreSQL Security Checklist
• OWASP Top Ten