I am extremely dedicated to ensuring the security of this library. To that end, I keep the complexity of the library to an absolute minimum, and only use dependencies that I trust completely.
The only production dependency is unraw, which I wrote myself and which has no production dependencies itself.
Vulnerability reports will always be handled with absolute priority. The best way to report a vulnerability is to notify NPM, who will analyze your report and take the appropriate action along with alerting me.