If you discover a security vulnerability, please do not open a public issue.

Instead, report it privately by emailing the maintainer or using GitHub's private vulnerability reporting.

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

You can expect an initial response within 48 hours. We will work with you to understand and address the issue before any public disclosure.

This policy covers the fetch-smartly npm package. Third-party dependencies are out of scope but will be addressed if they impact this package.