Security fixes target the latest published major version of Coaction packages. Older versions may receive fixes when the affected code path is still maintained and a safe patch is practical.

Please do not open a public issue for a suspected vulnerability.

Report security concerns through GitHub private vulnerability reporting if it is available for this repository. If that path is unavailable, email the maintainer listed in package.json.

Include:

• affected package and version
• a minimal reproduction or proof of concept
• expected impact
• any known workaround

The maintainer will acknowledge valid reports as soon as practical and will coordinate disclosure timing before publishing details.