Skip to content

Security: tc39/ecmarkup

SECURITY.md

TC39 Vulnerability Disclosure Policy

Reporting Guidelines

  • If a security issue is present in an implementation, then report it directly to the relevant project.
  • If a security issue is present in a TC39 specification, let us know.
    • Include any relevant links to corroborative information, e.g. vulnerability reports, reference IDs, etc.
  • If you are unable to determine whether a security issue is implementation-specific, let us know.

Reporting to TC39

Report using GitHub by visiting the security advisories page of the relevant repository, such as:

Alternately, send an email to security@tc39.es

Reporting to Projects

Note

This list is not exhaustive.

Engine/Runtime Used In Link to Report
JavaScriptCore Safari, Bun Report
SpiderMonkey Firefox Report
V8 Chrome, Chromium, Edge, Node, Deno Report
Node Report
Deno Report
Bun Report

There aren’t any published security advisories