npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

How to report fixed vulnerability

Hi,

how do I report when a vulnerability in a package was fixed (resp. if the information if wrong)?

https://www.npmjs.com/advisories/717 is wrong. The vulnerability has long been fixed with the 1.0.1 release: https://github.com/schnittstabil/merge-options/commit/d4a93bc2890455e0931ac0779667023e6cb101d4

Cheers,
Volker


Great question and thank you for the updated information. The current best place to report any advisory updates is to email security@npmjs.com.

I’ve gone ahead and updated the advisory based on this new information.