Please report security issues privately — not through public issues or pull requests.
Use GitHub's private vulnerability reporting (the Report a vulnerability button on the repository's Security tab). It opens a private channel between you and the maintainers.
When you report, include as much of the following as you can:
- The version or commit affected.
- A description of the issue and its impact.
- Steps to reproduce, or a proof of concept.
- Any suggested fix or mitigation, if you have one.
- We aim to acknowledge a report within 3 business days.
- We'll confirm the issue, keep you updated as we work on a fix, and let you know when it ships.
- With your permission, we're happy to credit you once the fix is public.
Please give us a reasonable window to release a fix before disclosing publicly. We're a small team and we'll move as fast as we can.
skilldeck is pre-1.0 and ships fixes against the latest release. Please make sure you're on the most recent version before reporting.