ESLint
No technology is perfect, and ESLint believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in ESLint or its infrastructure, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Since ESLint is run by volunteers, we cannot pay bounties.
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our infrastructure.
While researching, please refrain from:
Attempting to compromise the npm or GitHub accounts of anyone on the ESLint team
Publishing anything to the npm registry or to GitHub using ESLint's credentials, if you find a way to access them
Social engineering, including submitting backdoors in pull requests
Denial-of-service attacks
Thank you for helping keep ESLint and our users safe!
| Scope Type | Scope Name |
|---|---|
| web_application | jenkins.eslint.org |
| web_application | https://github.com/eslint/eslint-github-bot |
| web_application | https://github.com/eslint/eslint |
This program have been found on Hackerone on 2018-09-23.
FireBounty © 2015-2025
