Please do not open a public issue for security problems. Instead, use GitHub's private reporting:
- Go to the Security tab on this repository.
- Click Report a vulnerability.
- Describe the issue, the affected package, and a reproduction if possible.

You can expect:
- An acknowledgement within 5 business days.
- A coordinated fix and disclosure plan for confirmed issues.
- Credit in the release notes once a fix ships, if you would like that.

Only the most recent minor version of the published @artui/cli package
receives fixes. The hosted MCP server at artui.vandervennet.art/api/mcp
is updated continuously alongside the docs site. The @artui/registry
components themselves are copy-pasted into consumer projects, so once
copied they are owned by that project — fixes are published as updated
component sources that the CLI can re-fetch.