Do not open a public issue for security vulnerabilities.
Report vulnerabilities through GitHub Security Advisories.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: within 48 hours
- Fix target: within 7 days of confirmation
- Disclosure: coordinated with the reporter after the fix is released
| Version | Supported |
|---|---|
| latest | ✅ |
This policy covers the mac-use-mcp npm package and its Swift helper binary. Third-party dependencies are out of scope but will be triaged if reported.