Infrastructure/verdaccio
0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-30 22:34:10 -05:00
Code Issues Activity

Update SECURITY.md

Browse source
This commit is contained in:
Juan Picado 2021-04-26 07:56:07 +02:00 committed by GitHub
parent 629cbdd6b5
commit 9a2f4a4667
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
SECURITY.md
View file

@ -8,7 +8,10 @@ The following table describes the versions of this project that are currently su
| ------- | ------------------ |
| 2.x | :x: |
| 3.x | :x: |
| 4.x | :white_check_mark: |
| 4.x | :white_check_mark: (until 1st July 2021) |
| 5.x | :white_check_mark: |
| 6.x alpha | :x: |
## Responsible disclosure security policy
@ -26,11 +29,11 @@ At Verdaccio, we consider the security of our systems a top priority. But no mat
If you discover a security vulnerability, please use one of the following means of communications to report it to us:
- Report the security issue to the Node.js Security WG through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
* Report the security issue to the Node.js Security WG through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
Note that time-frame and processes are subject to each programs own policy.
- Report the security issue to the project maintainers directly at verdaccio@pm.me. If the report contains highly sensitive information, please be advised to encrypt your findings using our [PGP key](https://verdaccio.nyc3.digitaloceanspaces.com/gpg/publickey.verdaccio@pm.me.asc) which is also available in this document.
* Report the security issue to the project maintainers directly at verdaccio@pm.me. If the report contains highly sensitive information, please be advised to encrypt your findings using our [PGP key](https://verdaccio.nyc3.digitaloceanspaces.com/gpg/publickey.verdaccio@pm.me.asc) which is also available in this document.
Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.