The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
How to report fixed vulnerability
how do I report when a vulnerability in a package was fixed (resp. if the information if wrong)?
https://www.npmjs.com/advisories/717 is wrong. The vulnerability has long been fixed with the 1.0.1 release: https://github.com/schnittstabil/merge-options/commit/d4a93bc2890455e0931ac0779667023e6cb101d4
Great question and thank you for the updated information. The current best place to report any advisory updates is to email firstname.lastname@example.org.
I’ve gone ahead and updated the advisory based on this new information.