Status: In progress — see issue #50 for details and updates.
Last updated: December 2, 2025

• Follow the OWASP Top Ten for web application security.
• Never commit secrets, credentials, or sensitive data to the repository.
• Use dependency pinning and keep dependencies up to date.
• Review code for common vulnerabilities (XSS, CSRF, SSRF, etc.).
• Use strong, unique passwords and enable 2FA on all accounts.
• Report any suspicious activity or potential vulnerabilities immediately.

If you discover a security vulnerability, please report it responsibly:

• Email: security@paperlyte.com
• Do not create a public GitHub issue for security vulnerabilities.
• Provide as much detail as possible (steps to reproduce, impact, etc.).
• We aim to acknowledge all reports within 24 hours and resolve critical issues promptly.

• Privacy Policy
• Terms of Service
• Cookie Policy
• OWASP Top Ten
• CII Best Practices

• All dependencies are managed via npm and checked for vulnerabilities using npm audit.
• Automated Dependabot alerts are enabled for this repository.
• Only trusted, well-maintained packages are used.
• Review and update dependencies regularly; avoid deprecated or unmaintained libraries.
• Use lockfiles (package-lock.json) to ensure deterministic builds.

Progress on this document and all security-related improvements is tracked in issue #50.

For questions or urgent security concerns, contact security@paperlyte.com.