Security fixes target the latest released version. Pre-1.0.0 APIs may change while the design system stabilizes.

Do not open a public issue for vulnerabilities. Report security concerns through GitHub's private vulnerability reporting for this repository when available, or contact the maintainer through the GitHub profile linked from the repository.

Include:

• Affected version or commit.
• Reproduction steps or proof of concept.
• Expected and actual impact.
• Any known workaround.

The project avoids collecting secrets or user data. Never include credentials, signing keys, tokens, or private app data in reports, logs, screenshots, or sample projects.