The websocket-extensions package contains a Regular Expression Denial-of-Service (ReDoS) vulnerability that was discovered by Robert McLaughlin, a Ph.D. student in the Computer Science program at the University of California, Santa Barbara. Robert reported the vulnerability to Snyk, and it was validated by Sam Sanoop, an analyst on the Snyk Security Team. The vulnerability, which was identified using the open-source RegexStaticAnalysis tool, could allow a malicious user to force the regular expression matching algorithm into catastrophic backtracking. After confirming the validity of the vulnerability, Sam investigated the code base for the package, located the actual line of code that introduced the issue, and developed guidance on how to remediate it. The maintainer of the websocket-extensions package responded promptly to the information provided by Snyk, releasing a fix within a day of receiving the report, and the vulnerability was published shortly thereafter. This is an example of how Snyk's disclosure process helps researchers report and receive credit for their discoveries while working collaboratively with open-source maintainers.