-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security issue #1
Comments
This package is implicitly deprecated |
@nfour Thanks! Would you mind deprecating the package properly so that |
@nfour Do you plan to deprecate the package? I am not sure if we should wait for you to do it or should we proceed with disclosure? |
@MarcinHoppe Sorry man I've been a bit too busy to care, but I'm actually curious, just never got a chance to reply to your email! Can you tell me in email (novus.nfour@gmail.com) what the vulnerability is or just here, I dont think it matters. I've deprecated it with |
Sorry for a late response. We just disclosed the report, it's public now: |
Hello,
As a member of the Node.js Security WG I would like to draw your attention to a security report that has been made regarding this package.
I have made attempts to contact the person identified as a maintainer of this package but did not get any answer. What is the best way to reach someone with commit rights over this repo and hopefully NPM publishing rights as well, in order to invite them to privately discuss the issue on the HackerOne platform and provide a resolution?
Thanks,
Marcin
References:
The text was updated successfully, but these errors were encountered: