webpack/SECURITY.md

# Reporting Security Issues

If you discover a security issue in webpack, please report it by sending an
email to [webpack@opencollective.com](mailto:webpack@opencollective.com).

This will allow us to assess the risk, and make a fix available before we add a
bug report to the GitHub repository.

Thanks for helping make webpack safe for everyone.

## Threat Model

For an overview of the security assumptions, potential attack vectors, and areas
of concern relevant to webpack, please refer to the
[Threat Model](https://github.com/webpack/security-wg/blob/main/docs/threat-model.md).

## Incident Response Plan

In the event of a security incident, please refer to the
[Security Incident Response Plan](https://github.com/webpack/webpack/blob/main/INCIDENT_RESPONSE_PLAN.md).
docs: add `SECURITY.md` 2018-04-25 02:59:43 +08:00			`# Reporting Security Issues`

			`If you discover a security issue in webpack, please report it by sending an`
			`email to [webpack@opencollective.com](mailto:webpack@opencollective.com).`

			`This will allow us to assess the risk, and make a fix available before we add a`
			`bug report to the GitHub repository.`

			`Thanks for helping make webpack safe for everyone.`
docs: add incident response plan (#19841) 2025-09-03 22:06:16 +08:00
docs(security): add reference to webpack threat model ref: https://github.com/webpack/security-wg/pull/9 2025-09-15 13:34:25 +08:00			`## Threat Model`

			`For an overview of the security assumptions, potential attack vectors, and areas`
			`of concern relevant to webpack, please refer to the`
			`[Threat Model](https://github.com/webpack/security-wg/blob/main/docs/threat-model.md).`

docs: add incident response plan (#19841) 2025-09-03 22:06:16 +08:00			`## Incident Response Plan`

			`In the event of a security incident, please refer to the`
			`[Security Incident Response Plan](https://github.com/webpack/webpack/blob/main/INCIDENT_RESPONSE_PLAN.md).`