(Intentionally public)

We should set up some kind of automated detection and scan for use of vulnerable packages (as direct or indirect dependencies or dev dependencies).

If you discover any such issue by using https://nodesecurity.io/tools tools yourself, please report those as private security issues.