Please use GitHub Private Vulnerability Reporting to report security issues.

Do not open a public issue for security vulnerabilities.

• Response time: within 1 week (best-effort, solo maintainer)
• Fix timeline: depends on severity, but patches for confirmed issues are prioritized

inwire has zero runtime dependencies, which keeps the attack surface minimal. Reports about transitive dev-dependency vulnerabilities are appreciated but lower priority.