To report a security vulnerability, there are two things you can do.

If the security vulnerability is dangerous, please DO NOT open a public issue. Please email me, the lead developer (jude@alecw.net), were we can privately discuss this.

If the security vulnerability is not dangerous or can not be executed on deployed host, you can either (A) open an issue for someone to fix, or (B) open a pull request if you have a fix.

Thank you for your contributions and studies to the Better Mac Store.