stramel
commented
3 years ago Hello! Unfortunately, i don't have access to the main settings of this repository and can't issue security disclosures through GitHub or npm. I will try to add a security.md file as you suggested in the meantime. You can email me directly and I can add it a fix for the vulnerability.
Hey there!
I'd like to report a security issue but cannot find contact instructions on your repository.
If not a hassle, might you kindly add a
SECURITY.mdfile with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)