If you find a vulnerablity in any project please reach out to me directly matthatcher @ pm.me with the subject Security Report - *package name*@*version*.