Use this section to inform users about the currently supported versions of your Node.js 18 project that will receive security updates.
| Version | Supported |
|---|---|
| 18.1.x | ✅ |
| 18.0.x | ❌ |
| 17.0.x | ❌ |
| < 17.0 | ❌ |
Use this section to guide users on how to report vulnerabilities in your Node.js 18 project.
If you discover a security vulnerability in this project, please follow these steps:
-
Ensure Confidentiality: If the vulnerability is critical, please do not disclose it publicly until it has been addressed.
-
Submit Issue: Create a new GitHub Issue to report the vulnerability. Use the "Security Vulnerability" issue template, if available.
-
Provide Details: Clearly describe the vulnerability, including steps to reproduce it, affected versions, and potential impact.
-
Stay Engaged: We will acknowledge the receipt of your report and may request additional information if needed. Please stay engaged in the GitHub issue.
-
Acknowledgment: Upon receiving the vulnerability report, we will acknowledge it within 2 business days.
-
Investigation: We will review the vulnerability report and determine its validity and potential impact.
-
Mitigation: If the vulnerability is verified, we will work on identifying a fix and preparing a security update.
-
Release: Once a security update is ready, we will release it and provide details in the GitHub issue.
-
Attribution: We are committed to acknowledging security researchers for their responsible disclosures, if desired.
Versions that are no longer supported will not receive security updates. Users are strongly encouraged to update to a supported version.
Thank you for helping us maintain the security of this project!