We are a small team with a limited number of maintainers. noblox.js-server is maintained and updated on a best-effort basis, but we make no guarantees that the software will be free of vulnerabilities or dependency issues. Only the latest version of the library is supported at any one time and you must update on a regular basis.

You can report a vulnerability by emailing the maintainer team at noblox@mit.edu cc-ing noblox-security@nezto.re , or by joining our Discord server, mentioning the Maintainer and asking to DM re: noblox.js-server. Once a DM is established, you can report the vulnerability.

You can expect to recieve a response within 7 days, and we will aim to fix the issue as soon as possible. You are encouraged to open a pull request with a fix.

We do not offer bounties.