Node.js Security Bug Bounty Program Paused(nodejs.org)
nodejs.org
Node.js Security Bug Bounty Program Paused
https://nodejs.org/en/blog/announcements/discontinuing-security-bug-bounties
https://nodejs.org/en/blog/announcements/discontinuing-security-bug-bounties
Perhaps Node.js can switch to a VDP, no-bounty program. From Hacker One: "VDP is designed solely for receiving, validating, and addressing security reports without a paid bounty element"