diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 00000000..e17f100b
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+The latest version of `sharp` as published to npm
+and reported by `npm view sharp dist-tags.latest`
+is supported with security updates.
+
+## Reporting a Vulnerability
+
+Please use
+[e-mail](https://github.com/lovell/sharp/blob/main/package.json#L5)
+to report a vulnerability.
+
+You can expect a response within 48 hours
+if you are a human reporting a genuine issue.
+
+Thank you in advance.
diff --git a/README.md b/README.md
index 84690edf..ba0db79c 100644
--- a/README.md
+++ b/README.md
@@ -98,8 +98,6 @@ readableStream
 A [guide for contributors](https://github.com/lovell/sharp/blob/main/.github/CONTRIBUTING.md)
 covers reporting bugs, requesting features and submitting code changes.
 
-[![Node-API v5](https://img.shields.io/badge/Node--API-v5-green.svg)](https://nodejs.org/dist/latest/docs/api/n-api.html#n_api_n_api_version_matrix)
-
 ## Licensing
 
 Copyright 2013 Lovell Fuller and others.