Skip to content

Instantly share code, notes, and snippets.

@legastero
Last active November 19, 2015 19:03
Show Gist options
  • Save legastero/e80a8e394524644b1f8d to your computer and use it in GitHub Desktop.
Save legastero/e80a8e394524644b1f8d to your computer and use it in GitHub Desktop.
NSP SECURITY.md

Reporting Security Vulnerabilities

This package is using the Node Security Project (NSP) to facilitate responsible disclosure of potential security issues and subsequent security patches and advisories.

If you have discovered a potential security issue, please send the relevant information (such as references, commits, or code examples that would be useful in reproducing the issue) to the Node Security Project by either:

Disclosure Response Timeline

  1. Once a vulnerability has been reported, the NSP will contact the package maintainers about the issue.
  2. After a patch has been prepared and published, the NSP will publish a public advisory and request a CVE.
  3. If after 45 days a patch has not been published, a public advisory will be published by the NSP.

History

View latest advisories at the Node Security Project

No security advisories have been published for this package.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment