If you discover a security vulnerability, please email security@hypatia.earth instead of opening a public issue.
We'll respond within 48 hours and work with you to understand and address the issue.
Zero is a static browser application with no backend. Relevant concerns include:
- XSS vulnerabilities (URL parameter handling)
- Malicious dependencies (supply chain)
- Service Worker cache issues