We take security bugs contained within the KOG bot with upmost seriousness. We appreciate your effort to appropriately and responsibly disclose your findings, and we will make sure your efforts to report these vulnerabilities are acknowledged.
If you wish to report a security vulnerability, please utilize GitHub's built in Security tab and click on the Report a vulnerability button in the top right.
After your request is received, the development team will diligently review your request, and start working on a fix on the vulnerability as soon as possible.
Throughout this, the developers will keep you up to date with the progress of a potential fix to your issue, as well as what steps to take to cordon off any possible security intrusions in production.
Note
If your vulerability report is contained to one specific package, and not our implementation of that package, please report the vulnerability to that package's maintainer. You may view the email address of the package maintainer by running npm show <package_name>.