This document outlines the security policy for the Datadog Node.js Tracer (aka dd-trace-js) and what to do if you discover a security vulnerability in the project.
Most notably, please do not share the details in a public forum (such as in a discussion, issue, or pull request) but instead reach out to us with the details.
This gives us an opportunity to release a fix for others to benefit from by the time details are made public.
We accept vulnerability submissions for any currently maintained release lines.
If you discover a vulnerability in the Datadog Node.js Tracer (or any Datadog product for that matter) please submit details to the following email address: