| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability in STARK, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, use GitHub's private vulnerability reporting to submit your report.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment within 48 hours
- Status update within 7 days
- Fix timeline communicated once the issue is triaged
- Never commit
.envfiles — use.env.localfor local development - Rotate API keys regularly for OpenAI and Anthropic
- Keep dependencies updated — run
pnpm updateperiodically - All data is stored locally in your browser's IndexedDB — no data leaves your machine except API calls to OpenAI/Anthropic for question generation and OCR