If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue
- Email security concerns to the maintainers privately
- Include detailed steps to reproduce the vulnerability
- Allow up to 48 hours for initial response
| Version | Supported |
|---|---|
| latest | ✅ |
This project requires sensitive credentials to run:
- API keys (Stripe, OpenAI, Anthropic, etc.)
- OAuth credentials (Google, Instagram)
- Firebase Admin SDK credentials
- Database connection URLs
NEVER commit credentials to git. Use environment variables only.
- Copy
.env.exampleto.env - Fill in your own credentials
- Never share or commit your
.envfile
See .env.example for the complete list of required configuration.
- We use Dependabot for automated security updates
- All PRs are scanned for secrets before merge
- Dependencies are audited regularly