Narcoleptic's Patch Mangler

Report a security vulnerability

Please fill out the form to report a security vulnerability in an npm package to the npm Security team.

Security reports for npm or the services it operates should be sent to [email protected]

Please note that this report goes to the npm Security team for triage, not the package maintainer

Please include any references, commits, or code examples that would be useful in reproducing the security issue.

Our disclosure timeline

  1. Vulnerability is reported
  2. npm Security triages vulnerability report
  3. npm Security notifies package maintainers
  4. npm Security publishes security advisory when package maintainers release a fix
  5. If maintainers are unresponsive after 45 days, npm Security makes the advisory public