If you believe you've found a security issue in any package in this repository, please email support@mrdoge.co rather than opening a public issue. Include:
- A description of the issue
- Steps to reproduce (proof-of-concept if possible)
- The affected package and version
- Your contact info for follow-up

We'll acknowledge within 72 hours and aim to ship a fix within 30 days for valid reports.

We patch security issues on the latest minor of the current major version. Older majors receive critical-only fixes for 12 months after a new major ships.

This repository's scope is the SDK and protocol packages. Server-side issues (data accuracy, account / billing, API behavior beyond the wire spec) should be reported to support@mrdoge.co.