SOFTWARE-CLINIC / featurebook

A command line tool (and Node.js library) for generating beautiful system specifications from Gherkin source files.
MIT License

Security issue #64

Open vdeturckheim opened 6 years ago

vdeturckheim commented 6 years ago

Hello,

As a member of the Node.js ecosystem security team, a security issue regarding this package has been reported to me.

I have contacted the person I identified as maintainer by email but did not get any answer. What is the best way to reach someone with commit rights over this repo to privately explain what the issue is?

Best,
Vladimir de Turckheim

danielpacak commented 6 years ago

Hi @vdeturckheim. I'm the only maintainer of this repo / npm module. Feel free to open a PR with the fix for the above-mentioned vulnerability.

vdeturckheim commented 6 years ago

Hey @danielpacak thanks for your response, as a collection and triage team, we only coordinate security issues. Can I invite you on HackerOne with your public email address? You'll be able to review the security report that has been issued to us and to discuss with the person who found it.

danielpacak commented 6 years ago

Sure, please send me the invitation so I can review the report.

vdeturckheim commented 6 years ago

Awesome, you should have received an email from HackerOne.

omerlh commented 5 years ago

Any update on this? @vdeturckheim it has been more than 6 months, maybe it's time for public disclosure?

vdeturckheim commented 5 years ago

@omerlh I will check ASAP

linonetwo commented 5 years ago

Are this project and organization still under maintenance? I can confirm that the npm package is partially functional, workable but with glitches.

danielpacak commented 5 years ago

> Are this project and organization still under maintenance? I can confirm that the npm package is partially functional, workable but with glitches.

It's not actively developed, although any PR is more than welcome. I'm okay with disclosing any possible security vulnerabilities that it might cause so the community is aware of that.