Security: ezyostudio/FriendsOfAdonis

SECURITY.md

Security Policy

Reporting a Vulnerability

We take the security of FriendsOfAdonis seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Reporting via GitHub Security Tab

  1. Go to the Security tab on our GitHub repository
  2. Click on "Report a vulnerability"
  3. Fill out the security advisory form with details about the vulnerability
  4. Submit the report

Reporting via Email

If you prefer to report via email, please send your report to:

Email: contact@martin.xyz

Subject: [SECURITY] FriendsOfAdonis Security Vulnerability Report

What to Include in Your Report

To help us better understand and address the vulnerability, please include:

  • Description: A clear description of the vulnerability
  • Steps to Reproduce: Detailed steps to reproduce the issue
  • Impact: Potential impact of the vulnerability
  • Affected Versions: Which versions of our packages are affected
  • Environment: Node.js version, operating system, etc.
  • Proof of Concept: If possible, include a proof of concept
  • CVE ID: If this vulnerability has already been assigned a CVE ID

Responsible Disclosure

We follow responsible disclosure practices:

  1. Private Reporting: Security issues are kept private until resolved
  2. Coordinated Disclosure: We work with reporters to coordinate public disclosure
  3. Credit: We give credit to security researchers who report vulnerabilities
  4. No Retaliation: We do not take action against researchers who report vulnerabilities in good faith

Security Updates

When security vulnerabilities are fixed, we will:

  1. Release patched versions of affected packages
  2. Update our security advisories
  3. Notify users through our usual release channels
  4. Credit the reporter (if they wish to be credited)

Contact Information

For security-related questions or concerns:

Thank you for helping keep FriendsOfAdonis secure!

There aren’t any published security advisories