Security Bug Bounty Program Paused Due to Loss of Funding
Summary
The Node.js project has paused its security bug bounty program due to the loss of external funding from the Internet Bug Bounty (IBB). Despite pausing monetary rewards, vulnerability reports can still be submitted and triaged via HackerOne, and the Node.js Security Team remains committed to security; the program may be revived if dedicated funding returns, with sponsorship possible through the OpenJS Foundation.