Hash DRBG is cryptographically secure. If you find any bugs, or that this implementation deviates from the specification in NIST SP 800-90A, consider creating an issue. In case of critical bugs, I will try to provide an alternative channel to share sensitive information (if any).

Note that this implementation is not designed to be secure from side-channel attacks.