Security: messinobili/mark-method

Security Policy

Supported Versions

Version Supported
1.x.x

Reporting a Vulnerability

If you discover a security vulnerability in MARK Method, please report it responsibly:

  1. Do NOT open a public GitHub issue for security vulnerabilities
  2. Email: Send details to the maintainer via GitHub's private vulnerability reporting
  3. Or: Use GitHub's Security Advisory feature

What to include in your report

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

What to expect

  • Acknowledgment: Within 48 hours
  • Status update: Within 7 days
  • Resolution timeline: Depends on severity, typically within 30 days

Scope

This security policy covers:

  • The mark-method npm package
  • The CLI installation tool
  • Generated configuration files

This policy does NOT cover:

  • Third-party dependencies (report to those projects directly)
  • User-generated content or configurations

Security Best Practices for Users

When using MARK Method:

  1. Review generated files before committing to version control
  2. Never commit .env files or API keys to your repository
  3. Keep dependencies updated with npm audit and npm update

Acknowledgments

We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.

There aren't any published security advisories