If you discover a security vulnerability in sorokit-ui, please do not create a public GitHub issue. Instead:

1. Email the maintainers with a detailed description of the vulnerability
2. Include steps to reproduce the issue if possible
3. Allow time for the maintainers to respond and develop a fix

Security vulnerabilities will be addressed promptly and disclosed responsibly.

When using sorokit-ui:

• Always validate user input before passing it to contract methods or transaction builders
• Keep dependencies updated — run npm audit regularly and update packages
• Use HTTPS when communicating with Horizon or Soroban RPC endpoints
• Never expose private keys — sorokit-ui works with wallet SDKs that handle key management securely
• Review contract code before invoking Soroban methods with user funds
• Test thoroughly on testnet before deploying to mainnet

This project uses:

• sorokit-core for Stellar/Soroban logic
• @creit.tech/stellar-wallets-kit for wallet integration
• Standard React and TypeScript tooling

All dependencies are regularly audited. You can check for vulnerabilities with:

npm audit

For general security questions or best practices, feel free to open a discussion or issue.