Security issue #1
Comments
|
This package is implicitly deprecated |
|
@nfour Thanks! Would you mind deprecating the package properly so that |
|
@nfour Do you plan to deprecate the package? I am not sure if we should wait for you to do it or should we proceed with disclosure? |
|
@MarcinHoppe Sorry man I've been a bit too busy to care, but I'm actually curious, just never got a chance to reply to your email! Can you tell me in email (novus.nfour@gmail.com) what the vulnerability is or just here, I dont think it matters. I've deprecated it with |
|
Sorry for a late response. We just disclosed the report, it's public now: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
As a member of the Node.js Security WG I would like to draw your attention to a security report that has been made regarding this package.
I have made attempts to contact the person identified as a maintainer of this package but did not get any answer. What is the best way to reach someone with commit rights over this repo and hopefully NPM publishing rights as well, in order to invite them to privately discuss the issue on the HackerOne platform and provide a resolution?
Thanks,
Marcin
References:
The text was updated successfully, but these errors were encountered: