| # Security Policies and Procedures |
| |
| ## Reporting a Bug |
| |
| The `cookie` team and community take all security bugs seriously. Thank |
| you for improving the security of the project. We appreciate your efforts and |
| responsible disclosure and will make every effort to acknowledge your |
| contributions. |
| |
| Report security bugs by emailing the current owner(s) of `cookie`. This |
| information can be found in the npm registry using the command |
| `npm owner ls cookie`. |
| If unsure or unable to get the information from the above, open an issue |
| in the [project issue tracker](https://github.com/jshttp/cookie/issues) |
| asking for the current contact information. |
| |
| To ensure the timely response to your report, please ensure that the entirety |
| of the report is contained within the email body and not solely behind a web |
| link or an attachment. |
| |
| At least one owner will acknowledge your email within 48 hours, and will send a |
| more detailed response within 48 hours indicating the next steps in handling |
| your report. After the initial reply to your report, the owners will |
| endeavor to keep you informed of the progress towards a fix and full |
| announcement, and may ask for additional information or guidance. |
