If you discover a security vulnerability in CacheKit, please report it responsibly.

Do not open a public issue.

Instead, use GitHub's private vulnerability reporting to submit your report. We will acknowledge receipt within 48 hours and provide a timeline for a fix.

This policy covers the @cachekit-io/cachekit and @cachekit-io/cachekit-core-ts packages. For issues with the CacheKit SaaS platform (api.cachekit.io), contact security@cachekit.io.