npm Security Policy

Outlined in this document are the practices and policies that npm applies to help ensure that we release stable/secure software, and react appropriately to security threats when they arise.

Table of Contents

  1. Reporting Security Problems to npm
  2. Security Point of Contact
  3. Critical Updates And Security Notices

Reporting Security Problems to npm

If you need to report a security vulnerability, please visit https://npmjs.com/support. If your issue is specific to your account, such as lost credentials or problems with two-factor authentication, contacting our support team is more appropriate.

We review all security reports on the next business day. Note that the npm staff is generally offline for most US holidays, but please do not delay your report! Our off-hours support staff can fix many issues, and will alert our security point of contact if needed.

Security Point of Contact

Any security tickets opened using https://npmjs.com/support will be escalated to the security point of contact, who will delegate incident response activities as appropriate. This is the best and fastest way to contact npm about any security-related matter.

Critical Updates And Security Notices

We learn about critical software updates and security threats from a variety of sources:

Changes

This is a living document and may be updated from time to time. Please refer to the git history for this document to view the changes.

License

This document may be reused under a Creative Commons Attribution-ShareAlike License.
