Netlify’s commitment to security transparency

Netlify is committed to transparency and responsible disclosure of vulnerabilities in the packages used by its community. The company's security team will fix and disclose vulnerabilities in a timely manner, with a focus on improving not only itself but also the broader web. Netlify collaborates with bug bounty researchers and has a public program for reporting vulnerability findings, aiming to make the web a safer place through transparent disclosures. Customers can expect prompt notification within 48 hours if a critical or high CVE rating is identified, allowing them to take necessary action to secure their applications.