The latest published 0.x release receives security fixes.
Please report security issues privately rather than opening a public issue.
- Use GitHub's private vulnerability reporting, or
- Email sebastian@0a.cl with the details.
Include a description, a reproduction, and the impact. You can expect an initial response within a few days. Once a fix is released, we are happy to credit you in the advisory unless you prefer to remain anonymous.
llm-errors has zero runtime dependencies and performs only in-memory
inspection of error objects: it does not make network requests, read or write
files, or execute code from its input. The most relevant risk is denial of
service from pathological input (for example, deeply nested structures). Reports
along those lines are welcome.