If you believe you have found a security vulnerability in envra, please report it responsibly.
Do not open a public GitHub issue for undisclosed security bugs.
Instead, contact the maintainers privately (for example via GitHub Security Advisories for this repository, if enabled, or the email listed in the repo’s profile once published).
Include:
- A short description of the issue
- Steps to reproduce (if applicable)
- Affected versions or packages (`@envra/core`, `@envra/cli`, etc.)
We will aim to acknowledge receipt and coordinate a fix and disclosure timeline.