docs: add security policy, update changelog, fix license badge

- Add SECURITY.md with vulnerability reporting guidelines and
  security considerations for links, images, HTML, and plugins
- Add 4.0.1 entry to CHANGELOG.md
- Fix license badge to use static MIT badge instead of broken
  GitHub license detection

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: mientjan

CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## 4.0.1
+
+### Bug Fixes
+
+- Resolved open issues and added missing render rules
+
+### Documentation
+
+- Moved v3 examples from `doc/example/` into `example/screens/` as v4 TypeScript function components
+- Added React Navigation with 5 interactive example screens (basic, file loading, custom styles, custom rules, custom renderer)
+- Created GitHub wiki with 8 documentation pages (Getting Started, Custom Styles, Custom Rules, Custom Renderer, Plugins, API Reference, Migration from v3)
+- Added npm/GitHub badges, package links, Examples section, and Documentation section to README
+- Removed outdated `doc/` directory
+
 ## 4.0.0
 
 ### Breaking Changes

README.md

@@ -2,7 +2,7 @@
 
 [![npm version](https://img.shields.io/npm/v/react-native-markdown-renderer.svg)](https://www.npmjs.com/package/react-native-markdown-renderer)
 [![npm downloads](https://img.shields.io/npm/dm/react-native-markdown-renderer.svg)](https://www.npmjs.com/package/react-native-markdown-renderer)
-[![GitHub](https://img.shields.io/github/license/mientjan/react-native-markdown-renderer)](https://github.com/mientjan/react-native-markdown-renderer)
+[![license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/mientjan/react-native-markdown-renderer/blob/master/LICENSE)
 
 A 100% CommonMark-compatible markdown renderer for React Native using native components (not WebView). All elements are rendered as native React Native components that can be overwritten when needed.
 

SECURITY.md

@@ -0,0 +1,34 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, please report it responsibly.
+
+**Do not open a public GitHub issue for security vulnerabilities.**
+
+Instead, please email the maintainer directly or use [GitHub's private vulnerability reporting](https://github.com/mientjan/react-native-markdown-renderer/security/advisories/new).
+
+When reporting, please include:
+
+- A description of the vulnerability
+- Steps to reproduce the issue
+- The potential impact
+- Any suggested fixes (if applicable)
+
+You can expect an initial response within 72 hours. We will work with you to understand and address the issue before any public disclosure.
+
+## Security Considerations
+
+This library renders markdown as native React Native components. A few things to be aware of:
+
+- **Links**: The default `link` render rule opens URLs via React Native's `Linking` API. If you render untrusted markdown, consider providing a custom `link` rule that validates or sanitizes URLs before opening them.
+- **Images**: The default `image` rule loads remote images via the `src` attribute. Consider validating image sources if rendering untrusted content.
+- **HTML**: The `html_block` and `html_inline` rules render raw HTML content as plain text, not as actual HTML. This is safe by default.
+- **Plugins**: Third-party markdown-it plugins may introduce additional attack surface. Vet plugins before use, especially with untrusted input.