The only completely secure system is the one that doesn't exist in the first place. Having said that, we take the security of Marked very seriously.

Please disclose potential security issues by email to the project committers as well as the listed owners within NPM. We will provide an initial assessment of security reports within 48 hours and should apply patches within 2 weeks (also, feel free to contribute a fix for the issue).