We take security seriously. If you believe you have found a security vulnerability, please report it to us.
Please do not disclose security vulnerabilities publicly. Instead, email us at security@example.com with the details.
We will respond to your report within 48 hours and will work with you to understand and resolve the issue.
This security policy applies to the package registry and its associated services.
We do not currently offer a bug bounty program, but we appreciate your help in keeping our service secure.