Banner object (1)

Hack and Take the Cash !

800 bounties in database
  Back Link to program      
ESLint logo
Hall of Fame

In Scope

Scope Type Scope Name
undefined An issue that allows an attacker to impersonate webhook events from GitHub
undefined An issue that allows an attacker to read or write files on the server hosting the bot
undefined An issue that causes the bot to create a large number of GitHub notifications resulting from a disproportionately small set of actions by an unauthorized GitHub user. For example, if it's possible to get the bot to comment on 100 issues by opening a single pull request, we'd like to know about it.


No technology is perfect, and ESLint believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in ESLint or its infrastructure, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Since ESLint is run by volunteers, we cannot pay bounties.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our infrastructure.


While researching, please refrain from:

  • Attempting to compromise the npm or GitHub accounts of anyone on the ESLint team
  • Publishing anything to the npm registry or to GitHub using ESLint's credentials, if you find a way to access them
  • Social engineering, including submitting backdoors in pull requests
  • Denial-of-service attacks

Thank you for helping keep ESLint and our users safe!

FireBounty © 2015-2019

Legal notices