Security is important.

Policies

Information security policy

Reporting a vulnerability

Please follow these guides to report a vulnerability privately:

External audits - Open Source

Security best practices - securityscorecards.dev

We use securityscorecards.dev to automatically run the following open source security checks during development: https://github.com/ossf/scorecard/tree/main#checks-1.

A perfect score is 10/10; it’s calculated like this:

Source: https://securityscorecards.dev/#how-it-works

Source: https://securityscorecards.dev/#how-it-works