If you discover a security vulnerability in Lpu Now, please report it responsibly.

⚠️ Please do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email the maintainers or use GitHub's private vulnerability reporting.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 1 week
• Fix & Disclosure: Coordinated with reporter

1. Set JWT_SECRET — Always use a strong, unique secret in production via environment variables
2. Use HTTPS — Deploy behind a reverse proxy with TLS
3. MongoDB Authentication — Enable auth on your MongoDB instance
4. Keep Dependencies Updated — Run npm audit regularly
5. Rate Limiting — Add rate limiting to the API in production