Skip to content

Security: iamtashanto/nodejs-package-manager

Security

SECURITY.md

Security Policy

Supported Versions

Security fixes are prioritized for the latest release published to VS Code Marketplace and Open VSX.

Reporting a Vulnerability

Please do not report security vulnerabilities in public issues.

To report a vulnerability privately:

  • Email: mdtanvirahamedshanto@gmail.com
  • Subject: Security Report - Node.js Package Manager
  • Include steps to reproduce, affected versions, and potential impact

You can expect:

  • Initial acknowledgment within 72 hours
  • Follow-up after triage with severity and next steps
  • Coordinated disclosure once a fix is available

Disclosure Guidelines

  • Allow maintainers time to investigate and patch before public disclosure
  • Avoid sharing proof-of-concept exploits publicly until a fix is released
  • Provide enough technical detail for reliable reproduction

There aren't any published security advisories