This repository is an experimental, independent Zig implementation and is not affiliated with the Bytecode Alliance or the upstream WebAssembly Micro Runtime project.

Please use GitHub Private Vulnerability Reporting for sensitive vulnerability reports in this repository. This provides a private channel for sharing details with the repository maintainer before public disclosure.

For non-sensitive hardening ideas or bug reports, opening a public GitHub issue is fine. Do not include exploit details, proof-of-concept payloads, or other sensitive information in a public issue.

This project is experimental and is not currently production-supported. It does not provide a formal security response SLA, long-term support policy, or guaranteed CVE process.

Please do not report vulnerabilities in this repository to the Bytecode Alliance unless the same issue also affects a Bytecode Alliance project.

For proactive review scope and sandbox-critical audit checklists, see SECURITY_AUDIT.md.

For maintainer triage, advisory decisions, upstream advisory tracking, and security-review expectations, see SECURITY_PROCESS.md.