The 1.x release line is actively maintained. Security fixes are published as patch releases on 1.x. Pre-1.0 (0.x) releases reached end-of-life at 1.0.0 and no longer receive security updates.

If you discover a security vulnerability in a supported 1.x release, please report it responsibly.

Do not open a public issue. Instead, email the maintainers directly or use GitHub's private vulnerability reporting.

We will acknowledge receipt within 48 hours and provide a timeline for a fix. Once resolved, we will publish a fix on the supported 1.x line and credit you in the release notes (unless you prefer to remain anonymous).

blit-tech is a client-side WebGPU rendering library. Security concerns are primarily:

• Supply chain (dependencies)
• Build pipeline integrity
• WebGPU resource handling