To report a genuine* security vulnerability with angular-eslint, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

*Not all flagged vulnerabilities are valid and context is important. angular-eslint is a development time only toolset, it is never deployed to a server and never takes user input other than your own.

Please consider reading this article to learn about how dependency audits lead to inaccurate vulnerability reports: https://overreacted.io/npm-audit-broken-by-design/