When you send an email to security@npmjs.com, a "security point of contact, who will delegate incident response activities as appropriate." per their security documentation here: https://www.npmjs.com/policies/security
I'm assuming because this package has relatively low impact, it was given a triage rating of `P3` (also described on that documentation page). That means it is "Low severity, fix within 180 days".
2 comments
[ 2.5 ms ] story [ 11.9 ms ] threadThis doesn't seem to fit the title.
I'm assuming because this package has relatively low impact, it was given a triage rating of `P3` (also described on that documentation page). That means it is "Low severity, fix within 180 days".