What would be the correct way to report a potential security issue in this package?
I would recommend adding a SECURITY.md file: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository
I know this package seems unmaintained, but it still has more than 30000 monthly installs.
It might be a good idea to mark the package as abandoned on Packagist so users can be warned that it is not updated anymore.