Security

SECURITY.md

Security Policy

Supported Versions

Security updates are provided for the latest main branch.

Reporting a Vulnerability

Please report security issues privately by email:

security@atomichabits.local

Include:

A clear description of the issue
Reproduction steps
Affected components/versions
Impact assessment

Do not disclose vulnerabilities publicly before maintainers confirm a fix and release timeline.

Secret handling

Never commit API keys, tokens, or passwords.
Use environment variables and .env files excluded by .gitignore.

There aren’t any published security advisories