NVD CVE for NPM package not on GitHub in Advisories? #2347
aarongoldenthal
started this conversation in
General
Replies: 1 comment
-
Sorry for the delayed reply, but that is correct. We don't care if the package is developed on GitHub or not for security advisories 😃
-
I'm just trying to get clarification on this...
From the README it sounds like if a CVE is reported in NVD for an NPM package that is not hosted on GitHub (e.g. hosted on gitlab.com), then with NPM as a supported ecosystem an entry would be created in GitHub Advisories. Is that correct?
I've tried to get clarification on this from NPM support and unfortunately they have not been able to answer.