2 comments

[ 2.5 ms ] story [ 11.9 ms ] thread
Isn't this just a link to the npm site for something with 5 downloads a week?

This doesn't seem to fit the title.

When you send an email to security@npmjs.com, a "security point of contact, who will delegate incident response activities as appropriate." per their security documentation here: https://www.npmjs.com/policies/security

I'm assuming because this package has relatively low impact, it was given a triage rating of `P3` (also described on that documentation page). That means it is "Low severity, fix within 180 days".