NodeSecure / Governance

NodeSecure Governance (Code of conduct & Contribution guidelines)
MIT License

Reporting a Security Issue #14

Closed arhart closed 2 years ago

arhart commented 2 years ago

I'd like to report a security issue in @nodesecure/cli. What is the preferred way to report a vulnerability?

https://github.com/NodeSecure/cli/blob/master/SECURITY.md points to the Node.js ecosystem program on HackerOne, but "The Node.js Ecosystem program is no longer accepting reports". I asked about this and was pointed to NodeSecure/Governance.

arhart commented 2 years ago

@fraxken any update?

fraxken commented 2 years ago

@arhart Yes, we are working on it and we already fixed a few repositories. It just takes time since we have to PR all repositories of the project (and almost everybody was on vacation recently :p).

fraxken commented 2 years ago

@arhart Just re-reading and I think I maybe didn't get your point. If you have a vulnerability to report you can send me an email at gentilhomme.thomas@gmail.com if this is sensible (else feel free to open an issue on the CLI repository).

Anyway I'm closing here (we removed the old Node.js Security WG disclosure program).