Please report security vulnerabilities privately, never in a public issue or pull request.
Use GitHub's private reporting form: Report a vulnerability.
Include enough detail to reproduce the issue: the affected version and build, your macOS version, the steps to trigger it, and the impact as you understand it. You will get an acknowledgement, and we will keep you informed as the report is investigated and fixed.
Please give us a reasonable window to release a fix before any public disclosure.
Supacode ships from main and updates through the in-app updater. Security fixes target the
latest released version, so please make sure you are on the latest build before reporting.