mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-30 22:34:10 -05:00

Update SECURITY.md

Juan Picado 2021-04-26 07:56:07 +02:00 committed by GitHub
parent 629cbdd6b5
commit 9a2f4a4667
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -6,9 +6,12 @@ The following table describes the versions of this project that are currently su
| Version | Supported | | Version | Supported |
| ------- | ------------------ | | ------- | ------------------ |
| 2.x | :x: | | 2.x | :x: |
| 3.x | :x: | | 3.x | :x: |
| 4.x | :white_check_mark: | | 4.x | :white_check_mark: (until 1st July 2021) |
| 5.x | :white_check_mark: |
| 6.x alpha | :x: |
## Responsible disclosure security policy ## Responsible disclosure security policy
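Review bot: The 4.x row's "(until 1st July 2021)" does not say what changes on that date, and the cell will still show `:white_check_mark:` after the date has passed. State the outcome in the table or in a line below it (for example, that 4.x stops receiving security fixes) and plan a follow-up that switches the row to `:x:`. The new `6.x alpha | :x:` row would also benefit from a sentence telling reporters whether issues found in the alpha should still be sent through the channels listed below. As a style point, the widened 4.x cell no longer lines up with the `| ------- | ------------------ |` separator row.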
@ -26,11 +29,11 @@ At Verdaccio, we consider the security of our systems a top priority. But no mat
If you discover a security vulnerability, please use one of the following means of communications to report it to us: If you discover a security vulnerability, please use one of the following means of communications to report it to us:
- Report the security issue to the Node.js Security WG through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix. * Report the security issue to the Node.js Security WG through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
Note that time-frame and processes are subject to each programs own policy. Note that time-frame and processes are subject to each programs own policy.
- Report the security issue to the project maintainers directly at verdaccio@pm.me. If the report contains highly sensitive information, please be advised to encrypt your findings using our [PGP key](https://verdaccio.nyc3.digitaloceanspaces.com/gpg/publickey.verdaccio@pm.me.asc) which is also available in this document. * Report the security issue to the project maintainers directly at verdaccio@pm.me. If the report contains highly sensitive information, please be advised to encrypt your findings using our [PGP key](https://verdaccio.nyc3.digitaloceanspaces.com/gpg/publickey.verdaccio@pm.me.asc) which is also available in this document.
Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions. Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.
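Review bot: In the second bullet, the PGP key is linked from a storage bucket URL and the visible lines give no fingerprint, so a reporter cannot check that the key they downloaded is the maintainers' before encrypting a report to it. Add the full key fingerprint next to the link. Since these lines are already being touched for the `-` to `*` marker change, also fix "each programs own policy" to "each program's own policy" and indent the "Note that ..." line under the first bullet so it stays part of that list item.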