We take the security of @clerk/break-check and our other systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

Please do not report security vulnerabilities through public GitHub issues.

If you believe you have found a security vulnerability in @clerk/break-check, please report it to us by emailing security@clerk.dev. Please include the following details with your report:

1. A description of the location and potential impact of the vulnerability.
2. A detailed description of the steps required to reproduce the vulnerability (proof-of-concept scripts, screenshots, and screen captures are all helpful to us).

We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and we will credit you in the report.

Please do not disclose the vulnerability publicly until a fix is released. Once we have either published a fix or declined to address the vulnerability for any reason, you are free to disclose it publicly.