| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| < 0.3 | ❌ |
If you discover a security vulnerability in lmscan, please report it responsibly:
- Do NOT open a public issue.
- Email security@lmscan.dev or use GitHub Security Advisories.
- Include steps to reproduce and impact assessment.
We will acknowledge receipt within 48 hours and provide a fix timeline within 7 days.
lmscan processes text locally. It does not:
- Send data to external servers
- Require API keys or credentials
- Execute user-provided code
Security concerns are primarily around dependency supply chain and input handling.