Skip to content

Security: tc39/.github

Security Navigation

SECURITY.md

TC39 Vulnerability Disclosure Policy

Reporting Guidelines

  • If a security issue is present in an implementation, then report it directly to the relevant project.
  • If a security issue is present in a TC39 specification, let us know.
    • Include any relevant links to corroborative information, e.g. vulnerability reports, reference IDs, etc.
  • If you are unable to determine whether a security issue is implementation-specific, let us know.

Reporting to TC39

Report using GitHub by visiting the security advisories page of the relevant repository, such as:

Alternately, send an email to security@tc39.es

Reporting to Projects

Note

This list is not exhaustive.

Engine/Runtime Used In Link to Report
JavaScriptCore Safari, Bun Report
SpiderMonkey Firefox Report
V8 Chrome, Chromium, Edge, Node, Deno Report
Node Report
Deno Report
Bun Report