- Please email a private report to maintainers (open an issue marked
securityonly for general questions). - Include steps to reproduce, affected versions, and impact.
- We will acknowledge receipt within 72 hours and provide a timeline for fixes.
- We aim to keep
mainsecure; release branches will receive patches as needed.
- Avoid eval and non-literal regex/fs/require in user input paths.
- Prefer explicit whitelists and input validation.
- Use latest LTS Node and updated dependencies.
感谢你帮助我们共同维护项目安全。