Please do not open public GitHub issues for security problems.

Use GitHub's private vulnerability reporting for this repository if it is enabled. If private reporting is not available, contact the maintainer directly through GitHub with:

• A short description of the issue
• Steps to reproduce it
• The affected platform or environment
• Any suggested mitigation or fix

• Acknowledgement after the report is reviewed
• Coordination on scope, severity, and a fix
• Public disclosure only after a patch or mitigation is available

This project is a local-first desktop application. Reports are most useful when they cover vulnerabilities that affect shipped builds, local data protection, dependency exposure, update distribution, or credential handling.