Security: cinebri/netscope

SECURITY.md

Security Policy

Supported Versions

netscope is currently in active development. Security fixes are applied to the latest state of the main branch.

Reporting a Vulnerability

If you find a vulnerability:

  1. Do not open a public issue with exploit details.
  2. Send a private report to the maintainer with:
    • reproduction steps,
    • impact,
    • affected files and versions.
  3. Wait for acknowledgement before public disclosure.

Secrets Handling

  • Never commit real API keys or tokens.
  • Keep runtime secrets only in a local .env file or an external secret manager.
  • Use .env.example and config/netscope.config.example.json as templates.
  • Rotate any key that was ever stored in git history or shared logs.

Hardening Baseline

  • Run local checks before pushing:
    • lint/type/tests,
    • secret scan,
    • dependency audit.
  • Treat all user-provided URLs as untrusted input.

There aren't any published security advisories