Security: FlowerCA77/FlowerCA77.github.io

Security.md

Security Policy

Thank you for helping keep this site secure. To avoid unnecessary risk to users, please follow the policy below.

Reporting (private only)

  • Do not report security issues via public Issues/PRs.
  • If you discover a vulnerability or security risk, contact me privately (see the site’s About page or the repository README for contact notes).
  • Please include, where possible:
    • Description and impact
    • Minimal reproduction steps and affected pages/interfaces
    • Environment details (browser, OS, network)
    • Mitigation ideas (if any)

Response & Disclosure

  • I typically acknowledge within 7 calendar days and start triage. I may ask for more details if needed.
  • For valid issues, I’ll work on a fix and coordinate disclosure.
  • Please do not publicly share details prior to a fix. If you plan to publish research, coordinate a disclosure window with me first.

Scope

  • This repository is a static website source and its build configuration. Common risks include:
    • Content/script injection and supply chain risks
    • CI/CD misconfigurations from build scripts/dependencies
    • Accidental information leakage (e.g., secrets committed by mistake)
  • Out of scope examples:
    • Platform-wide issues with GitHub Pages
    • Vulnerabilities in third-party scripts/services not controlled by this project

Version Support

  • Current development version is in package.json.
  • Security fixes ship with the latest version. This is a personal project; no LTS guarantees for older versions.

Recognition

  • No bug bounty at this time.
  • With your permission, confirmed issues may be credited in the changelog or acknowledgments (anonymity upon request).

Thanks for acting responsibly and for your support!


Authored by FlowerCA77 with assistance from GitHub Copilot (AI-generated content).

There aren’t any published security advisories