Please do not open a public GitHub issue for security vulnerabilities.

Report security issues by emailing security@stellar.org with:

1. A description of the vulnerability and its potential impact.
2. Steps to reproduce or a proof-of-concept.
3. Affected package(s) and version(s).

You will receive an acknowledgement within 48 hours and a resolution timeline within 7 days.

This library performs client-side address parsing and routing extraction. It does not make network requests, store data, or handle private keys. The primary security concern is correctness of the StrKey checksum validation — an incorrect implementation could silently accept malformed addresses.

We follow coordinated disclosure. We will credit reporters in the release notes unless anonymity is requested.