Depending on the type of security issue and the component affected, there are two different report procedures:
- Security vulnerability or issue on a software component
- Security issue on a package hosted by the registry
If you have a doubt, follow the first procedure: Security vulnerability or issue on a software component
Please do not report these security vulnerabilities through public GitHub issues.
Instead, report them using the contact form on the official website at https://owlplug.com/contact/
Use cases: Vulnerability on owlplug.com, vulnerability on OwlPlug client software, vulnerability on any server/software maintained for OwlPlug services, suspicious data leaks, phishing, abuse, etc...
You can use Github issues to report a suspicious package / binary hosted by https://github.com/OwlPlug/owlplug-registry
(Optional) If you don't want to report the issue publicly, you can use the registry security advisory board
Use cases: Virus and Malware packages, corrupted packages, suspicious binaries, adware, abuse, on-purpose misleading data, etc...