If you discover a security vulnerability in @decentralchain/marshall, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please send a detailed report to:

• Email: security@decentralchain.io

• A description of the vulnerability
• Steps to reproduce the issue
• The potential impact
• Any suggested fixes (optional)

• Acknowledgment: Within 48 hours of receipt
• Initial Assessment: Within 5 business days
• Resolution Target: Within 30 days for critical issues

• We follow coordinated disclosure.
• We will credit reporters in release notes (unless anonymity is requested).
• Please allow us reasonable time to address the issue before any public disclosure.

• Always use the latest supported version.
• Pin your dependencies using a lockfile (package-lock.json).
• Verify package integrity via npm's built-in checksum verification.
• Review the CHANGELOG before upgrading.