The Cometa team prioritizes the security of its platform and appreciates your dedication to responsibly disclose security findings. We extend our gratitude for your contributions and have established a straightforward process for reporting security issues.

• Please utilize the "Report a Vulnerability" feature of Cometa's GitHub Security Advisory.

• Kindly ensure your security report includes the following details:

  • A clear and concise description of the security issue.
  • Steps to reproduce the issue or a proof-of-concept.
  • Any relevant configurations or settings.

• Once reported, our team will respond promptly, outlining the subsequent steps in addressing your report. Expect regular updates on the progress toward a resolution, and we may request additional information or guidance.

Kindly report them to the person or team responsible for maintaining the module. Alternatively, use the npm contact form, selecting "I'm reporting a security vulnerability."

For insights into Cometa's security notification process, refer to the relevant section in the Security WG's Membership and Notifications Governance document.

Thank you for your commitment to the security of Cometa.