If you've found a vulnerability or a potential vulnerability in twittr-oauth2 please let me know at kgoro.dev@gmail.com. I'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.