# Security Policy ## Supported Versions | Version | Supported | | --- | --- | | 1.x | Yes | ## Reporting a Vulnerability Do not open a public GitHub issue for security vulnerabilities. Email: aric.camarata@gmail.com Include: - A description of the vulnerability - Steps to reproduce - Potential impact - Any suggested fix, if you have one You will receive an acknowledgment within 48 hours and a resolution timeline within 7 days. ## Scope This package is a pure computation library. It performs no network requests, reads no files, and holds no credentials. All calendar conversion logic is deterministic arithmetic. The primary security concern would be a supply-chain compromise of the npm package.