[security] add security escalation policy

This commit is contained in:
Ulises Gascón
2025-09-15 14:33:37 +02:00
committed by Jordan Harband
parent 4d364c2e7b
commit a36448ffcd

.github/SECURITY.md

@@ -2,6 +2,13 @@
Please file a private vulnerability report via GitHub, email [@ljharb](https://github.com/ljharb), or see https://tidelift.com/security if you have a potential security vulnerability to report.
## Escalation
If you do not receive an acknowledgement of your report within 6 business days, or if you cannot find a private security contact for the project, you may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.
## OpenSSF CII Best Practices
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/684/badge)](https://bestpractices.coreinfrastructure.org/projects/684)
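Review bot: The two escalation timeouts in the new "Escalation" section use different units, which leaves the second one ambiguous for a reporter: the first says "within 6 business days" while the second says "within 14 days" without stating whether those are calendar or business days. Suggest making the second explicit, e.g. "within 14 calendar days", so that a reporter and the maintainers compute the same deadline before escalating to `security@lists.openjsf.org`. It would also help to say what counts as "acknowledgement" (for example, a reply confirming receipt, as distinct from a triage decision), since that is the event the 6-business-day clock is keyed to.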