Potential Security Issue

Question

Potential Security Issue

supriza opened this issue a year ago · comments

Raul Onitza-Klugman commented a year ago

Hi @benatkin @ljharb @karlbohlmark @grncdr @harthur ,
My name is Raul and I'm a security researcher at Snyk. There might be a security issue in your package.
Where can I contact you in private to discuss things?
Thanks!

Jordan Harband · Answer 1 · Thu Feb 23 2023 00:49:26 GMT+0800 (China Standard Time)

Hi @supriza; the security policy at https://github.com/ljharb/js-traverse/security/policy should cover this :-)

Raul Onitza-Klugman · Answer 2 · Thu Feb 23 2023 02:42:31 GMT+0800 (China Standard Time)

Thanks @ljharb, I missed that!

Benjamin Atkin · Answer 3 · Fri Feb 24 2023 06:04:56 GMT+0800 (China Standard Time)

such willingness to waste my time _._

more inclined to go w/ socket.dev now =)

Jordan Harband · Answer 4 · Fri Feb 24 2023 06:06:11 GMT+0800 (China Standard Time)

@benatkin i'm not sure what you mean?

Benjamin Atkin · Answer 5 · Fri Feb 24 2023 06:07:26 GMT+0800 (China Standard Time)

@ljharb I mean a security researcher from Snyk mentioned my name in a list and didn't check for a security policy

not a big deal I guess :)

Jordan Harband · Answer 6 · Fri Feb 24 2023 06:11:33 GMT+0800 (China Standard Time)

Going to close this for now.