The latest minor release on the main branch receives security fixes. Older versions are best-effort.

Please do not file public GitHub issues for security problems.

Report privately via GitHub Security Advisories. Please include:

• A description of the vulnerability and its impact.
• Steps to reproduce, ideally a minimal repo or code snippet.
• The library version, React Native version, and platform (iOS / Android / Web).
• Any suggested fix or mitigation.

We aim to acknowledge reports within 3 business days and to issue a fix or mitigation within 30 days for confirmed vulnerabilities. We're happy to credit reporters in the release notes if requested.

In scope:

• Code in this repository (src/, example/).
• Build output published to npm.

Out of scope:

• Vulnerabilities in react, react-native, react-native-svg, or other third-party dependencies — please report those upstream. We will, of course, bump dependencies promptly when upstream fixes ship.