If you believe you have found a security issue in Writmint, please report it privately — do not open a public GitHub issue.

• Preferred: open a private advisory at https://github.com/razukc/writmint/security/advisories/new
• Alternative: email kc.razu@gmail.com with the subject line [writmint security] and a description of the issue, reproduction steps, and the affected version.

You can expect an initial acknowledgement within 5 business days. We will work with you on a coordinated disclosure timeline once the issue is confirmed.

This policy covers the published writmint npm package and the source in this repository. Issues in third-party dependencies should be reported upstream first; if you believe Writmint's use of a dependency materially worsens the impact, include that analysis in your report.

Writmint is at v0.1 and pre-stable. Security fixes will land on main and ship in the next release; there is no separate LTS line yet.