Update security policy

jdalton
2024-10-06 13:19:38 -04:00
parent 6a2cc1dfcf
commit afcd5bc1e8


@@ -2,7 +2,8 @@
## Supported versions ## Supported versions
The following table describes the versions of this project that are currently supported with security updates: The following table describes the versions of this project that are currently
supported with security updates:
| Version | Supported | | Version | Supported |
| ------- | ------------------ | | ------- | ------------------ |
@@ -13,22 +14,22 @@ The following table describes the versions of this project that are currently su
## Responsible disclosure security policy ## Responsible disclosure security policy
A responsible disclosure policy helps protect users of the project from publicly disclosed security vulnerabilities without a fix by employing a process where vulnerabilities are first triaged in a private manner, and only publicly disclosed after a reasonable time period that allows patching the vulnerability and provides an upgrade path for users. A responsible disclosure policy helps protect users of the project from publicly
disclosed security vulnerabilities without a fix by employing a process where
vulnerabilities are first triaged in a private manner, and only publicly disclosed
after a reasonable time period that allows patching the vulnerability and provides
an upgrade path for users.
When contacting us directly via email, we will do our best efforts to respond in a reasonable time to resolve the issue. When contacting a security program their disclosure policy will provide details on time-frame, processes and paid bounties. We kindly ask you to refrain from malicious acts that put our users, the project,
or any of the projects team members at risk.
We kindly ask you to refrain from malicious acts that put our users, the project, or any of the projects team members at risk.
## Reporting a security issue ## Reporting a security issue
We consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. We consider the security of Lodash a top priority. But no matter how much effort
we put into security, there can still be vulnerabilities present.
If you discover a security vulnerability, please use one of the following means of communications to report it to us: If you discover a security vulnerability, please report the security issue
directly to the Lodash maintainers through the Security tab of the Lodash
repository.
- Report the security issue to the Node.js Security Working Group through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix. Your efforts to responsibly disclose your findings are sincerely appreciated.
Note that time-frame and processes are subject to each programs own policy.
- Report the security issue to the project maintainers directly at [security@lodash.com](mailto:security@lodash.com).
Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.
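Review bot: the new "Reporting a security issue" text points reporters at "the Security tab of the Lodash repository" without linking it, while removing the security@lodash.com address, the HackerOne and Snyk channels, and the sentence promising a response "in a reasonable time", so after this change the policy gives a reporter neither a concrete place to click nor any expectation of a response time-frame. Suggest adding a direct link to the repository's security advisory page, keeping one fallback channel (the email address or the HackerOne program) for reporters who cannot use GitHub private reporting, and restating an expected response time. Minor: the retained line "any of the projects team members" should read "project's team members".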