I've now looked at the GitHub repo and I'm not 100% happy with what I see. As an example, there are 6 open PRs, some of which are kicking on 9 months out, so that says to me that the repo is not being managed as well as it could be, which calls in to question the project as a whole.

I think that the information in the 'post' is good information that I'm as sure as I can be is genuine. There are some corner cases that will not apply to every reader, but by the same measure, there are quite a few that will apply to almost every reader.

For me, I'll continue in my quest to find a solution that I'm 100% happy with and take from this the information that I need while discarding that which I don't.

From all of the security research that I've done over the past 2 decades, one thing remains front and centre: complexity is the enemy of security.

I'm working toward to custom solution that I know is as secure as it can be, because I'm building it myself -- Trust No One