docs: add SECURITY.md and LICENSE.md, update README badges

- Added a SECURITY.md for reporting vulnerabilities and disclosure practices.
- Added LICENSE.md with the MIT license details.
- Updated README with new badges for CI and license links.

Author: addon-owner

LICENSE.md

@@ -0,0 +1,21 @@
+# MIT License
+
+Copyright (c) 2025 Addon Stack; Anjey Tsibylskij
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,9 +1,11 @@
 # @adnbn/plugin-reg-cs
 
-[![npm version](https://img.shields.io/npm/v/@adnbn/plugin-reg-cs.svg)](https://www.npmjs.com/package/@adnbn/plugin-reg-cs)
+[![npm version](https://img.shields.io/npm/v/@adnbn/plugin-reg-cs.svg?logo=npm)](https://www.npmjs.com/package/@adnbn/plugin-reg-cs)
 [![npm downloads](https://img.shields.io/npm/dm/@adnbn/plugin-reg-cs.svg)](https://www.npmjs.com/package/@adnbn/plugin-reg-cs)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE.md)
+[![CI](https://github.com/addon-stack/plugin-reg-cs/actions/workflows/ci.yml/badge.svg)](https://github.com/addon-stack/plugin-reg-cs/actions/workflows/ci.yml)
 
-A plugin for [Addon Bone](https://github.com/addonbone) that automatically registers and injects content scripts when your browser extension is installed.
+A plugin for [Addon Bone](https://addonbone.com) that automatically registers and injects content scripts when your browser extension is installed.
 
 ## Key Features
 
@@ -72,8 +74,3 @@ export default defineConfig({
 If your content scripts aren't being injected:
 
 - Make sure you have included the necessary URL patterns in `host_permissions` in your manifest, otherwise the API won't have access to those tabs
-
-
-## License
-
-MIT © Addon Bone

SECURITY.md

@@ -0,0 +1,43 @@
+# Security Policy
+
+## Supported Versions
+
+We aim to maintain the latest release line of this project. If you use an older version, please consider upgrading to receive security fixes.
+
+## Reporting a Vulnerability
+
+Please report security issues privately and avoid opening public issues with exploitable details.
+
+- Preferred contact: addonbonedev@gmail.com
+- For non-sensitive/general bugs, use the issue tracker: https://github.com/addon-stack/plugin-reg-cs/issues
+
+When reporting, please include (if possible):
+
+- Affected version(s) and package name (adnbn) and how you installed it
+- Environment details (OS, Node.js version, browser/runtime, relevant configs)
+- Steps to reproduce and a minimal proof of concept (PoC)
+- Impact assessment (what an attacker can do and likely severity)
+
+We will acknowledge your report within 72 hours and keep you informed as we triage and address the issue.
+
+## Coordinated Disclosure
+
+We follow coordinated disclosure practices:
+
+- We collaborate with you to verify the issue and determine the fix.
+- A fix will be released as soon as feasible, depending on severity and complexity.
+- After a fix is available, we will publish release notes describing the impact and mitigation.
+- Please refrain from public disclosure until a fix has been released or we agree on a timeline together.
+
+## Credit
+
+We are happy to acknowledge reporters in release notes (unless you prefer to remain anonymous). If you would like a specific name or handle to be used, let us know.
+
+## CVEs and Bounties
+
+- CVE assignment may be considered on a case-by-case basis.
+- We do not operate a bug bounty program at this time.
+
+## Scope
+
+This policy covers the code and packages maintained in this repository. Issues in third-party dependencies should be reported upstream to their maintainers when appropriate.