If you discover a security vulnerability within this project, please report it by emailing [email protected].

Please do not create a public GitHub issue for security vulnerabilities.

• A description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (optional)

• Initial Response: Within 48 hours
• Status Update: Within 7 days
• Resolution: Depends on complexity, but we aim to address critical issues promptly

• We will acknowledge receipt of your report
• We will investigate and validate the issue
• We will work on a fix and coordinate disclosure timing with you
• We will credit you in the release notes (unless you prefer to remain anonymous)

This library generates CSS shadow values and does not:

• Execute user-provided code
• Make network requests
• Access the filesystem
• Store any data

The library accepts numeric configuration values. While we validate inputs internally, always ensure you're passing sanitized values when using user input.