This is a static community site (Next.js static export). There is no backend, no user authentication, and no database.
| Component | Supported |
|---|---|
| Static site build | Yes |
| npm dependencies | Yes — reported via GitHub Dependabot |
If you discover a security vulnerability in this repository (e.g., a dependency with a known CVE, XSS in a rendered component, or sensitive data in the repository):
- Do not open a public GitHub issue.
- Open a GitHub Security Advisory for this repository, or contact the maintainers privately.
- Include: affected file(s), steps to reproduce, potential impact.
We will acknowledge reports within 7 days and aim to publish a fix within 30 days where applicable.
- Source code in this repository
- npm dependency vulnerabilities (please also report upstream)
Out of scope: VRChat platform security, third-party sites linked from this guide.