docs: add dependency vulnerability status to README

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: vveerrgg

README.md

@@ -177,6 +177,12 @@ const result = await verifyCredential({
 
 ## Security Considerations
 
+### Dependency Vulnerability Status
+
+We actively monitor and address security vulnerabilities in this codebase. **`npm audit --omit=dev` reports zero vulnerabilities** for this package — there are no known security issues in production dependencies.
+
+Any remaining `npm audit` findings are in development-only tooling (eslint, typescript-eslint, vitest, etc.) and stem from transitive dependencies with no upstream fix available. These are devDependencies that are never included in the published package and pose no risk to consumers of this library. We monitor upstream fixes and update promptly when they become available.
+
 ### Biometric Data Privacy
 
 - All biometric data remains on the user's device — it is never transmitted to servers