How to report fixed vulnerability


(Volker Mische) #1

Hi,

how do I report when a vulnerability in a package was fixed (resp. if the information if wrong)?

https://www.npmjs.com/advisories/717 is wrong. The vulnerability has long been fixed with the 1.0.1 release: https://github.com/schnittstabil/merge-options/commit/d4a93bc2890455e0931ac0779667023e6cb101d4

Cheers,
Volker


(Adam Baldwin) #2

Great question and thank you for the updated information. The current best place to report any advisory updates is to email security@npmjs.com.

I’ve gone ahead and updated the advisory based on this new information.


(system) #3

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.