Banner object (1)

Hack and Take the Cash !

790 bounties in database
  Back Link to program      
Node.js third-party modules logo
Hall of Fame


In Scope

Scope Type Scope Name
undefined express
undefined noble
undefined url-parse
undefined Use this asset for any module that do not already exist in this list.
undefined markdown-pdf
undefined simplehttpserver
undefined statics-server
undefined node-red
undefined mqtt-packet
undefined express-cart
undefined pdf-image
undefined gatsby-remark-images-contentful
undefined handlebars
undefined finalhandler
undefined webpack-bundle-analyzer
undefined atob
undefined kill-port
undefined dot
undefined is-my-json-valid
undefined pdf-officegen
undefined node-tar
undefined smart-extend
undefined jQuery
undefined bufferjs
undefined http-sync
undefined node-email
undefined questor
undefined node-buffer-builder
undefined atlasboard-atlassian-package
undefined zlib-browserify
undefined kramed
undefined whereis
undefined node.extend
undefined merge-deep
undefined assign-deep
undefined crud-file-server
undefined defaults-deep
undefined bower
undefined servey
undefined just-extend
undefined mpath
undefined harp
undefined reveal.js
undefined flatmap-stream
undefined zombie
undefined tianma-static
undefined morgan
undefined send
undefined ponse
undefined node-xlsx
undefined http-live-simulator
undefined samlify
undefined bruteser
undefined knightjs
undefined ascii-art
undefined takeapeek
undefined apex-publish-static-files
undefined samsung-remote
undefined cached-path-relative
undefined ps
undefined libnmap
undefined egg-scripts
undefined flintcms
undefined win-spawn
undefined extend
undefined sql
undefined exceljs
undefined open
undefined public
undefined mcstatic
undefined bracket-template
undefined augustine
undefined html-pages
undefined grunt-serve
undefined sexstatic
undefined metascraper
undefined react-marked-markdown
undefined macaddress
undefined base64url
undefined ua-parser-js
undefined useragent
undefined byte
undefined merge
undefined njwt
undefined canvas
undefined formidable
undefined command-exists
undefined memjs
undefined file-static-server
undefined utile
undefined getcookies
undefined put
undefined funcster
undefined cryo
undefined fs-path
undefined stringstream
undefined npmconf
undefined entitlements
undefined merge-objects
undefined merge-options
undefined merge-recursive
undefined marked
undefined deep-extend
undefined deap
undefined https-proxy-agent
undefined typeorm
undefined sshpk
undefined protobufjs
undefined stattic
undefined resolve-path
undefined mixin-deep
undefined rgb2hex
undefined foreman
undefined concat-with-sourcemaps
undefined lodash
undefined hoek
undefined superstatic
undefined 626
undefined metascrapper
undefined hekto
undefined anywhere
undefined general-file-server
undefined angular-http-server
undefined node-srv
undefined simple-server
undefined pullit
undefined scrape-metadata
undefined glance
undefined http-proxy-agent
undefined fastify
undefined featurebook
undefined html-janitor
undefined lactate
undefined serve-here
undefined serve
undefined multer
undefined body-parser
undefined m-server
undefined pdfinfojs
undefined buttle
undefined cloudcmd
undefined git-dummy-commit
undefined express-useragent
web_application localhost-now

Node.js third-party modules

No technology is perfect, and Node.js believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in a third-party Node.js module, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

If you seek help, please ping us on our public Slack https://nodejs-security- __.

Vulnerabilities in Node.js core should be reported via@nodejs

Disclosure Timeline

  • Vulnerability is identified or Disclosed to Node.js Security Team - We will endeavor to keep reporter / finder in the loop with all communications / events.
  • Maintainers are notified if it's not a self disclosure.
  • After a fix is made available, the public advisory is finalized and a CVE assigned.
  • If no fix is available after 45 days, the advisory will timeout and will be made publicly available.

Thank you for helping keep the Node.js ecosystem safe!

FireBounty © 2015-2019

Legal notices