fastify-riotjs-and-lowdb/node_modules/fastify/SECURITY.md

# Security Policy

This document describes the management of vulnerabilities for the Fastify project and it's officials' plugins.


## Reporting vulnerabilities

Individuals who find potential vulnerabilities in Fastify are invited to complete a vulnerability report via the dedicated HackerOne tool for Node.js modules: [https://hackerone.com/nodejs-ecosystem](https://hackerone.com/nodejs-ecosystem).

### How to report a vulnerabiliy

It is of the utmost importance that you read carefully [**HOW TO REPORT A VULNERABILIY**](https://github.com/nodejs/security-wg/blob/master/processes/third_party_vuln_process.md) written by the Security Working Group of Node.js.


## Handling vulnerability reports

When a potential vulnerability is reported and confirmed the Fastify Core Team will intervene in the
`follow-up` stage of the process following the workflow and the timings described in the Security WG's document.

### Vulnerabilities found outside this process

⚠ The Fastify project does not support any reporting outside the HackerOne process.


## The Fastify Core team

The core team is responsible for the management of [this](https://github.com/nodejs/security-wg/blob/master/processes/third_party_vuln_process.md#handling-vulnerability-reports) process.

Members of this team are expected to keep all information that they have privileged access to by being
on the team completely private to the team. This includes agreeing to not notify anyone outside the
team of issues that have not yet been disclosed publicly, including the existence of issues,
expectations of upcoming releases, and patching of any issues other than in the process of their work
as a member of the Fastify Core team.
init 4 years ago			`# Security Policy`

			`This document describes the management of vulnerabilities for the Fastify project and it's officials' plugins.`


			`## Reporting vulnerabilities`

			`Individuals who find potential vulnerabilities in Fastify are invited to complete a vulnerability report via the dedicated HackerOne tool for Node.js modules: [https://hackerone.com/nodejs-ecosystem](https://hackerone.com/nodejs-ecosystem).`

			`### How to report a vulnerabiliy`

			`It is of the utmost importance that you read carefully [HOW TO REPORT A VULNERABILIY](https://github.com/nodejs/security-wg/blob/master/processes/third_party_vuln_process.md) written by the Security Working Group of Node.js.`


			`## Handling vulnerability reports`

			`When a potential vulnerability is reported and confirmed the Fastify Core Team will intervene in the`
			`follow-up` stage of the process following the workflow and the timings described in the Security WG's document.

			`### Vulnerabilities found outside this process`

			`⚠ The Fastify project does not support any reporting outside the HackerOne process.`


			`## The Fastify Core team`

			`The core team is responsible for the management of [this](https://github.com/nodejs/security-wg/blob/master/processes/third_party_vuln_process.md#handling-vulnerability-reports) process.`

			`Members of this team are expected to keep all information that they have privileged access to by being`
			`on the team completely private to the team. This includes agreeing to not notify anyone outside the`
			`team of issues that have not yet been disclosed publicly, including the existence of issues,`
			`expectations of upcoming releases, and patching of any issues other than in the process of their work`
			`as a member of the Fastify Core team.`