Community

Pleach is developed in the open.

Discussions, bug reports, and PRs live on the upstream repo. Security disclosures take a separate channel.

Channels.

Discussions

Open-ended questions, use-case sketches, architecture trade-offs. Start here when you're not sure it's a bug.

GitHub Discussions

Issues

Bug reports and feature requests. One issue per problem; include the @pleach/core version and a minimal repro.

GitHub Issues

Pull requests

PRs welcome. The upstream CONTRIBUTING.md documents the workflow — read it before a substantial change.

Contribute on GitHub

Security disclosures

Private channel for vulnerabilities. Acknowledgement within two business days, a fix-or-mitigation plan for confirmed reports, and a CVE filed when a published @pleach/* package needs one. No paid bounty; reports get a real response, not a payout.

getpleach@protonmail.com

Before you open a PR

The contributing guide covers what counts as a substrate-level change. The plugin contract is the place to start if you're extending the runtime rather than patching it.

Watching for releases

Watch the releases page for substrate cuts and the @pleach npm org for the full SKU matrix. Per-package CHANGELOGs track sibling updates.

There's no marketing list. The packages are the broadcast.

General contact: getpleach@protonmail.com.