Security updates are applied to the latest minor release line of each published package (@epochflow/core, @epochflow/react). Use current versions from npm when possible.

Please report security issues privately so we can coordinate a fix before public disclosure.

1. Use GitHub private vulnerability reporting if it is enabled for this repository.
2. Otherwise, email or DM maintainers only through channels listed on the repository’s GitHub profile or organization page — do not open a public issue for undisclosed vulnerabilities.

Include:

• A short description of the issue and its impact
• Steps to reproduce or a minimal proof of concept
• Affected package(s), versions, and environments if known

We aim to acknowledge reports within a few business days and will work with you on severity and disclosure timing.

This project is maintained on a best-effort basis. Critical fixes will be prioritized for supported versions listed above.