If you discover a security vulnerability in this project, please report it responsibly:
- Do NOT open a public issue
- Email security concerns to the maintainer directly
- Include steps to reproduce the vulnerability
- All secrets are managed via environment variables (never committed)
- Dependencies are regularly audited via
npm audit/pip audit - Input validation is enforced on all user-facing endpoints
- Database queries use parameterized statements (ORM/prepared statements)
Dependencies are reviewed and updated on a regular schedule. Critical security patches are applied immediately.
VIC Foundation