SECURITY.md

Security Policy

This document describes the management of vulnerabilities for the doxie-node project and its official plugins.

Reporting vulnerabilities

Individuals who find potential vulnerabilities in doxie-node are invited to file a vulnerability report via the dedicated HackerOne tool for Node.js modules: https://hackerone.com/nodejs-ecosystem.

How to report a vulnerability

It is of the utmost importance that you carefully read HOW TO REPORT A VULNERABILITY, written by the Security Working Group of Node.js.

Handling vulnerability reports

When a potential vulnerability is reported and confirmed the doxie-node Core Team.

Members of this team are expected to keep all information that they have privileged access to by being on the team completely private to the team. This includes agreeing not to notify anyone outside the team of issues that have not yet been disclosed publicly, including the existence of issues, expectations of upcoming releases, and patching of any issues, other than in the process of their work as a member of the doxie-node Core Team.