Yes, the project is in its early phase and until there is a proper release, there won't be any official commitment to security. Having said that, I do intend to respond to security issues and fix them as soon as possible.

For reporting a bug in drupal-jsonapi-params please send an email to [email protected] with subject title "SECURITY ISSUE IN DRUPAL-JSONAPI-PARAMS". I would try to respond to the issue within a week's time.

If you have suggestions on how this process could be improved please submit a pull request or file an issue to discuss.