The js-compute-runtime project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via Fastly’s security issue reporting process.

Remediation of security vulnerabilities is prioritized by the project team. The project team endeavors to coordinate remediation with third-party stakeholders, and is committed to transparency in the disclosure process. The team announces security issues via the Fastly Developer Hub Starter Kits site on a best-effort basis.

Note that communications related to security issues in Fastly-maintained OSS as described here are distinct from Fastly Security Advisories.