Security: joaquimserafim/json-web-token

SECURITY.md

Security Policy for json-web-token

Supported Versions

We actively address security vulnerabilities for the following versions of json-web-token:

Version Supported
3.x.x

Reporting a Vulnerability

We encourage the responsible disclosure of security vulnerabilities. If you have discovered a potential security issue in the json-web-token module, we prefer that you report it to us through a GitHub pull request.

How to Report a Security Vulnerability through a Pull Request:

  1. Fork the Repository: Create a fork of the json-web-token repository.
  2. Create a New Branch: Make your changes in a new branch in your fork.
  3. Describe the Vulnerability: In your pull request, provide a detailed description of the vulnerability. This should include:
    • The version of json-web-token affected.
    • A comprehensive description of the vulnerability.
    • Steps to reproduce the issue or a code snippet, if possible.
    • Possible impacts of the vulnerability.
  4. Submit the Pull Request: Submit the pull request to our repository for review.

Our Response Process:

  • We will review your pull request and may request additional details.
  • If the vulnerability is confirmed, we will work on a fix and merge your pull request.
  • We will keep you informed throughout the process.

Public Disclosure Timing:

  • We request that you do not disclose the vulnerability publicly until we have had the chance to review and address it.
  • Coordinated disclosure is vital to protect the community. We will work with you to determine the appropriate time for public disclosure.

Policy Updates

This security policy is subject to change. We recommend that users periodically review this policy for updates. Your contributions are vital in keeping json-web-token and the open-source community secure.

Thank you for supporting the security of json-web-token.
