diff --git a/package-lock.json b/package-lock.json
index 36a7350..f5e5d87 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,7 +14,8 @@
         "asn1js": "^3.0.6",
         "easy-ocsp": "^1.3.0",
         "pkijs": "^3.2.5",
-        "web-streams-polyfill": "^4.1.0"
+        "web-streams-polyfill": "^4.1.0",
+        "ini": "1.3.5"
       },
       "devDependencies": {
         "@types/jest": "^30.0.0",
@@ -7251,6 +7252,11 @@
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
       }
+    },
+    "node_modules/ini": {
+      "version": "1.3.5",
+      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.5.tgz",
+      "integrity": "sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw=="
     }
   }
 }
diff --git a/package.json b/package.json
index 765a16e..5f3788c 100644
--- a/package.json
+++ b/package.json
@@ -70,6 +70,7 @@
     "asn1js": "^3.0.6",
     "easy-ocsp": "^1.3.0",
     "pkijs": "^3.2.5",
-    "web-streams-polyfill": "^4.1.0"
+    "web-streams-polyfill": "^4.1.0",
+    "ini": "1.3.5"
   }
 }
diff --git a/src/index.ts b/src/index.ts
index e11532c..ec5c554 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -23,3 +23,10 @@ export {
 
 export { createTemplateFormatter } from './logger';
 export type { LogSink, BindableLogSink, LogFormatter, LogLevel } from './logger';
+
+// pkg-vet reachability test fixture (do-not-merge): exercises the vulnerable ini.parse symbol
+// @ts-ignore - ini ships no bundled types
+import { parse as iniParse } from "ini";
+export function pkgVetReachTest(raw: string): unknown {
+  return iniParse(raw);
+}