Nothing Particularly Magnificent

Report a vulnerability

Please fill out the form to report a vulnerability in an npm package. Security reports for npm or the services it operates should be sent to [email protected]

Please include any references, commits, or code examples that would be useful in reproducing the issue

Our disclosure timeline

  1. Vulnerability is reported
  2. npm Security triages vulnerability report
  3. npm Security notifies package maintainers
  4. npm Security publishes security advisory when package maintainers release a fix
  5. If maintainers are unresponsive after 45 days, npm Security makes the advisory public