If you discover a security vulnerability in this project, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email us at: [email protected]

Please include:

• A description of the vulnerability
• Steps to reproduce the issue
• Potential impact
• Any suggested fixes (if you have them)

• We will acknowledge receipt of your report within 48 hours
• We will provide an initial assessment within 7 days
• We will work with you to understand and resolve the issue
• Once fixed, we will publicly acknowledge your contribution (unless you prefer to remain anonymous)

This security policy applies to the eslint-plugin-lingui-typescript npm package and its source code repository.

Since this is an ESLint plugin that only runs during development/linting (not in production), the attack surface is limited. However, we still take security seriously and appreciate responsible disclosure.

• Keep your dependencies up to date
• Use npm audit regularly
• Pin dependencies in production environments