Welcome to the p5Catalyst security policy. We take the security of this open-source project seriously and encourage responsible disclosure of any vulnerabilities.

This project is maintained and tested with:

• p5.js: version 1.6.1
• ffmpeg.wasm: version 3?

Older versions may be partially supported but are not actively tested.

If you discover a security vulnerability in this project, please do not open a public issue. Instead, report it directly to the maintainer:

Contact: aidan.wyber@multitude.nl

We are primarily concerned with:

• Unauthorized access to local files or clipboard data
• Unsafe DOM manipulation (especially within GUI components)

If you're contributing or extending the project:

• Sanitize any user-generated content before using it in outputs.
• Restrict uploads to trusted MIME types and dimensions.

Thank you for helping keep p5Catalyst safe and open for everyone.

This policy is inspired by GitHub's official security policy documentation.