This is a static, client-side web app with no backend, no accounts, and no runtime network calls beyond loading local JSON. The attack surface is small, but we still take reports seriously.

Please report security issues privately rather than opening a public issue:

• Preferred: use GitHub's private vulnerability reporting on this repository ("Security" tab → "Report a vulnerability").
• Or email Gorrek at ajbtechinfo@gmail.com.

Please include steps to reproduce and the affected file(s) or input(s). We will acknowledge your report, investigate, and credit you in the fix unless you prefer to remain anonymous.

The deployed site always reflects the latest main. Fixes are applied there; there are no separately maintained release branches.