If you find a security issue, please report it privately when GitHub security advisories are available for this repository. If private advisories are not available, open a minimal issue that describes the affected package and version without publishing exploit details.

Please include:

• the affected package and version;
• the smallest input or scenario needed to understand the issue;
• the impact you believe it has;
• whether the issue affects Node, browsers, or both.

These packages are small developer utilities, but parser and renderer bugs can still matter. Reports about denial-of-service behavior, unsafe output, or misleading validation are welcome.