Security support applies to the current main branch and the latest published
@evref-bl/dev-nexus npm package. Older alpha releases may receive fixes only
when a maintainer explicitly marks them as supported.

Report suspected vulnerabilities privately. If GitHub private vulnerability reporting is available for this repository, use https://github.com/Evref-BL/DevNexus/security/advisories/new. Otherwise contact a project maintainer through the private channel you already use with the Evref-BL organization.

Do not open a public issue with exploit details, live tokens, private keys, hostnames, or reproduction data that exposes another system.

Please include:

- A short description of the affected behavior.
- The affected version, commit, package, or command.
- Reproduction steps or a minimal proof of concept.
- Any known impact or mitigation.

The maintainer response should confirm receipt, triage severity, coordinate a fix, and publish public details only after the fix or mitigation is ready.