If you find a security vulnerability in this library, please do not open a public GitHub issue.
Email the maintainers directly or use GitHub's private vulnerability reporting on this repo.
DevDock plugins are external processes spawned by the DevDock binary. They run with the same privileges as the user running DevDock. Keep this in mind when writing or installing plugins:
- Only install plugins you trust or have read the source of
- Config values (webhook URLs, API keys) are passed in `devdock.toml` — do not commit secrets to source control; use environment variable substitution instead
- Plugins can read environment variables, the filesystem, and make network calls — treat them like any other code you run on your machine