Security: Kompkit/kompkit

Security Policy

Supported Versions

Version          Supported
0.4.0-alpha.0    ✅ Current
0.3.0-alpha.1    ❌ No longer supported
0.2.0-alpha.0    ❌ No longer supported
0.1.0-alpha      ❌ No longer supported

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Please report security vulnerabilities by emailing the maintainers via a GitHub Security Advisory.

Include:

  • A description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested fix (optional)

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 14 days for confirmed vulnerabilities.

Scope

KompKit Core is a utility library with no network access, no file system access, and no external runtime dependencies (Web/Android). The attack surface is limited to:

  • Input validation logic (isEmail) — regex denial-of-service (ReDoS) is in scope
  • Dependency vulnerabilities in intl (Dart) or kotlinx-coroutines (Kotlin)

Out of Scope

  • Vulnerabilities in development-only dependencies (test runners, build tools)
  • Issues in generated documentation

There aren’t any published security advisories