styles-iterator is pre-1.0. Security fixes are made on the latest released version.
Please do not open a public issue for suspected vulnerabilities.
Report privately through GitHub private vulnerability reporting:
https://github.com/jdmnk/styles-iterator/security/advisories/new
If private reporting is unavailable, contact @jdmnk on GitHub to arrange a private disclosure path.
Security-sensitive areas include:
- command execution in generated worktrees
- file guards around lockfiles, package files,
.env*, migrations, database, auth, and API paths - cleanup behavior for worktrees, branches, session state, and local processes
- package publishing or release artifacts
Cursor or other AI coding agents may execute commands depending on local permissions. Run styles-iterator only in repositories and environments you trust, and review generated changes before accepting a variant.