PUT Notes is a static frontend (Create React App) with no backend, no authentication, and no user data collection beyond standard Google Analytics page views. The attack surface is small, but if you find something e.g. an XSS vector in note/PDF rendering, a dependency vulnerability, or anything else please report it privately rather than opening a public issue:
- Use GitHub's private vulnerability reporting (Security tab → "Report a vulnerability"), or
- Reach out via the contact links on krystianpinczak.com.
Only the main branch is maintained; there are no older supported versions.