Community
Pleach is developed in the open.
Discussions, bug reports, and PRs live on the upstream repo. Security disclosures take a separate channel.
Channels.
Discussions
Open-ended questions, use-case sketches, architecture trade-offs. Start here when you're not sure it's a bug.
GitHub DiscussionsIssues
Bug reports and feature requests. One issue per problem; include the @pleach/core version and a minimal repro.
GitHub IssuesPull requests
PRs welcome. The upstream CONTRIBUTING.md documents the workflow — read it before a substantial change.
Contribute on GitHubSecurity disclosures
Private channel for vulnerabilities. Acknowledgement within two business days, a fix-or-mitigation plan for confirmed reports, and a CVE filed when a published @pleach/* package needs one. No paid bounty; reports get a real response, not a payout.
getpleach@protonmail.comBefore you open a PR
The contributing guide covers what counts as a substrate-level change. The plugin contract is the place to start if you're extending the runtime rather than patching it.
Watching for releases
Watch the releases page for substrate cuts and the @pleach npm org for the full SKU matrix. Per-package CHANGELOGs track sibling updates.
There's no marketing list. The packages are the broadcast.
General contact: getpleach@protonmail.com.