npm Community Forum (Archive)

How to add unaffected version to audit advisory?

How are the audit advisories updated? And by whom?

Case in point: the static-eval advisory lists no unaffected versions, but apparently the most recent version, 2.0.2, is not affected.

https://www.npmjs.com/advisories/758

How is this information updated?

For future reference, if one of my packages is singled out, what do I need to do beyond publishing a fixed version?


Right at the bottom of the page :)

Have content suggestions? Send them to security@npmjs.com

That’s the only way I know of, anyway.


Thanks for the suggestion. That was my first action. I was not impressed that the email address had an extra space in it, and all I’ve received is a form response.