Security: WayahHendra/tree-md-generator

Security Policy – tree-md-generator

tree-md-generator is an open-source CLI tool for generating and visualizing directory trees.
It is distributed under the MIT License — feel free to use, modify, and contribute!

Security is a top priority, and any vulnerabilities must be reported through official channels.

📢 Reporting Security Issues

Please do not disclose security vulnerabilities publicly (e.g., via GitHub Issues, Discussions, or social media).

To report a security issue, contact the Security Team directly using the details under Security Contact below.

You should receive an initial response within 24 hours.
If you do not receive confirmation, please follow up to ensure your report was received.

Required Information

When submitting a security report, include as much detail as possible:

  • Type of vulnerability (e.g., command injection, prototype pollution, privilege escalation)
  • Affected component or module
  • Steps to reproduce
  • Proof-of-concept (if available)
  • Potential impact and severity

Patch Policy

  • Critical / High severity vulnerabilities → patched immediately.
  • Medium / Low severity issues → fixed in the next scheduled release.
  • All security-related fixes are tracked in release notes.

Best Practices for Contributors

To maintain a secure codebase, contributors are encouraged to:

  • Follow secure coding standards
  • Keep dependencies updated
  • Never commit secrets or credentials
  • Review code changes for potential security risks

Responsible Disclosure

tree-md-generator follows the principles of Coordinated Vulnerability Disclosure (CVD).
Researchers or contributors who responsibly report valid vulnerabilities may be acknowledged in the project’s release notes or documentation.

Preferred Languages

All security-related communications should preferably be in English.

⚠️ Security Contact

  • Email: wyahhndraa@gmail.com
  • Security Page: [Add your official security portal or website if applicable]

This Security Policy applies to the open-source tree-md-generator project and all official distributions under its MIT License.

There aren't any published security advisories