Please contact us directly at [email protected] for any bug that might
impact the security of this project. Please prefix the subject of your email
with [security]
in lowercase and square brackets. Our email filters will
automatically prevent these messages from being moved to our spam box.
You will receive an acknowledgement of your report within 24 hours.
All emails that do not include security vulnerabilities will be removed and blocked instantly.
If you do not receive an acknowledgement within the said time frame please give us the benefit of the doubt as it's possible that we haven't seen it yet. In this case please send us a message without details using one of the following methods:
- Give our channel operators a heads up in our IRC room (irc.freenode.net#primus).
- Contact the lead developers of this project on their personal e-mails. You
can find the e-mails in the git logs, for example using the following command:
git --no-pager show -s --format='%an <%ae>' <gitsha>
where<gitsha>
is the SHA1 of their latest commit in the project.
Once we have acknowledged receipt of your report and confirmed the bug ourselves we will work with you to fix the vulnerability and publicly acknowledge your responsible disclosure, if you wish. In addition to that we will report all vulnerabilities to the Node Security Project.
No security issues have been reported yet.