25 lines
1.2 KiB
Markdown
25 lines
1.2 KiB
Markdown
|
# Security Policies and Procedures
|
||
|
|
|
||
|
|
## Reporting a Bug
|
||
|
|
|
||
|
|
The `raw-body` team and community take all security bugs seriously. Thank you
|
||
|
|
for improving the security of Express. We appreciate your efforts and
|
||
|
|
responsible disclosure and will make every effort to acknowledge your
|
||
|
|
contributions.
|
||
|
|
|
||
|
|
Report security bugs by emailing the current owners of `raw-body`. This information
|
||
|
|
can be found in the npm registry using the command `npm owner ls raw-body`.
|
||
|
|
If unsure or unable to get the information from the above, open an issue
|
||
|
|
in the [project issue tracker](https://github.com/stream-utils/raw-body/issues)
|
||
|
|
asking for the current contact information.
|
||
|
|
|
||
|
|
To ensure the timely response to your report, please ensure that the entirety
|
||
|
|
of the report is contained within the email body and not solely behind a web
|
||
|
|
link or an attachment.
|
||
|
|
|
||
|
|
At least one owner will acknowledge your email within 48 hours, and will send a
|
||
|
|
more detailed response within 48 hours indicating the next steps in handling
|
||
|
|
your report. After the initial reply to your report, the owners will
|
||
|
|
endeavor to keep you informed of the progress towards a fix and full
|
||
|
|
announcement, and may ask for additional information or guidance.
|