We take the security of the Spotlight JS project seriously and appreciate the community's efforts in reporting vulnerabilities responsibly.

We currently accept and prioritize vulnerability reports only for the latest stable version of the library. Users are strongly encouraged to always upgrade to the most recent release.

| Version | Supported |
|---|---|
| 1.0.2 | ✅ |
| < 1.0.2 | ❌ |

We ask that all newly discovered vulnerabilities be reported confidentially and responsibly before public disclosure.

Do not use the public GitHub Issues tracker.

Vulnerability reports must be submitted through the GitHub Security Advisory feature in this repository. This process ensures that the vulnerability details are known only to the project maintainers until a patch is ready for release.

To submit a report:

- Navigate to the Security tab of this repository.
- Select Report a vulnerability.