Security fixes are applied to the latest minor release on the default branch when practical. Use current versions from npm or this repository.

Please do not open a public GitHub issue for undisclosed security vulnerabilities.

• Preferred: use GitHub Security Advisories for this repository (private report to maintainers).
• Include steps to reproduce, affected versions if known, and impact.

Nodaro is not a hardened multi-user admin: it has no built-in authentication. Treat deployments like direct database access—see the Security section in the README.

We will coordinate a fix and release notes when appropriate; credit can be given in the changelog if you wish.