Dotanuki actively cares about Open Source Security and Quality.
- Almost all of our projects keep dependencies up-to-date with Renovate Bot, merging PRs automatically with Mergify
- We track dependency graphs and/or SBOM files as part of CI executions
- We release manually and carefully review what's being shipped in every release
- We invest in Open Source Best Practices
- We invest in Security Scorecards
Warning
DO NOT raise GitHub issues to report security vulnerabilities.
Please report potential security issues affecting any of our projects to dotanuki.labs@proton.me, preferably with a proof of concept.
You will receive a response from us within 24 hours. If the issue is confirmed, we will release a patch as soon as possible.
Non-vulnerability-related security issues such as new ideas for security features are welcome on GitHub Issues.