If you discover a security vulnerability, please send an email to the maintainers. Please do not open a public issue for security vulnerabilities.

• Initial response: within 48 hours
• Status update: within 5 business days

• Never commit private keys or mnemonics
• Use environment variables for sensitive configuration
• Keep dependencies up to date