As Yippee-Ki-JSON is strictly intended to be desktop application, running in a command line, it is strongly recommended to never use any Yippee-Ki-JSON artifacts in any other scenario e.g. as part of a web application. This can simplify things and rule out a number of threats strongly connected to web use. Although this is not ensuring that it won't be ever a source you would need to consider as a source of risk, it would certainly make it a bit harder to use for malicious actors.

The aim is to support the end users kindly trusting this library as much as possible but at the end of the day, this is a hobby project which maintained in my free time. So reality is that the latest version will be supported with security patches in case vulnerabilities are reported and everything else will be decided case by case.

In case you have found a vulnerability, please report an issue here

Thank you in advance!