GridSnap is a client-side-only PWA — no servers, no user data stored externally, no authentication. The attack surface is minimal.

If you discover a security issue (e.g. a dependency vulnerability, XSS in the UI), please do not open a public issue. Instead:

1. Open a GitHub Security Advisory
2. Describe the issue, steps to reproduce, and potential impact

You can expect a response within 7 days.