To report a vulnerability, please send an email to security+nitro@unjs.io or submit it for a bounty via Huntr.

All security vulnerabilities will be promptly verified and addressed.

We recommend to regularly upgrade and publish with the latest versions of used packages and sub-dependencies by maintaining lock files (yarn.lock, package-lock.json, pnpm-lock.yaml and bun.lock) in order to ensure your application remains as secure as possible.