Security: 0xMilord/better-logger

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.8.x
< 0.8.0

Reporting a Vulnerability

We take the security of better-logger seriously.

How to Report

What to Include

  1. Description of the vulnerability
  2. Steps to reproduce
  3. Potential impact
  4. Suggested fix (if any)

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial assessment: Within 7 days
  • Fix or mitigation: Within 30 days for critical issues

Security Considerations

better-logger is designed to be:

  • Zero dependencies — Reduces attack surface
  • Client-side safe — Works in browsers without risk
  • No network by default — Only sends data if you configure transports

Known Limitations

  • Log data may contain sensitive information — use better.log.redact() for PII
  • File transport writes to local filesystem — ensure proper permissions
  • HTTP transport sends data to external endpoints — validate URLs

There aren't any published security advisories