Dotpath is public by design and should never contain secrets.
Please do not report real credentials in GitHub issues. If you find a scanner bypass, open an issue with a synthetic example or contact the maintainer privately.
- Dry-run install by default.
- No destructive overwrites.
- Secret scanner before publish.
- Public-safe examples only.