how to add unaffected version to audit advisory?


(Joe Bowbeer) #1

How are the audit advisories updated? And by whom?

Case in point, static-eval advisory lists no unaffected versions, but apparently the most recent version 2.0.2 is not affected.

https://www.npmjs.com/advisories/758

How is this information updated?

For future reference, if one of my packages is singled out, what do I need to do beyond publishing a fixed version?


(Lars Willighagen) #2

Right at the bottom of the page :)

Have content suggestions? Send them to security@npmjs.com

Thatโ€™s the only way I know of, anyway.


(Joe Bowbeer) #3

Thanks for the suggestion. That was my first action. I was not impressed that the email address had an extra space in it, and all Iโ€™ve received is a form response.


(system) closed #4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.