
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.

July 6, 2026
4 min read


A controversial proposal inside the Node.js Technical Steering Committee would move lower-severity security reports into a public workflow, reserving private embargo handling for higher-severity vulnerabilities.
The proposal, opened in February by Node.js security maintainer Rafael Gonzaga, is now on the agenda for the July 9, 2026 Security Working Group meeting, alongside a follow-up discussion on AI-assisted HackerOne triage.
It builds on a year of changes to Node.js security intake, including higher signal requirements for HackerOne submissions, expanded threat modeling to narrow scope, automated closure of low-quality reports, and escalation handling through the OpenJS CNA when initial filtering is not sufficient.
"These measures have helped, but they haven't solved the problem," Gonzaga said. "We are still overwhelmed. Reports that get automatically closed due to insufficient signal are now reaching our OpenJS CNA email and following our escalation path, and soon that team will be overwhelmed too."

In April, Node.js also discontinued bug bounty rewards when Internet Bug Bounty funding dried up, while vulnerability reporting through HackerOne remained in place. The change removed financial incentives from the reporting pipeline but left the intake and triage model largely unchanged.
The proposal contends that AI-assisted vulnerability discovery has changed the assumptions behind private security reporting.
Gonzaga writes that Node.js has seen a significant increase in both HackerOne reports and contributions over the six months prior to the proposal, which he attributes to LLM-driven fuzzing and scanning workflows. Many of these reports are highly similar, suggesting they are being generated using shared tooling patterns rather than independent discovery.
A key claim in the discussion is that this reproducibility undermines the premise of confidentiality for a growing class of findings.
"These findings are effectively public already," Gonzaga said. "If a commonly available tool can reproduce them on demand, treating them as private secrets provides a false sense of security. More effectively, our disclosure policy is set to 90 days and due to the fact I mentioned above, anyone would be able to find valid vulnerabilities before we even issue a security release."
He also points to the disclosure timeline itself, arguing that during a typical embargo window, equivalent issues may already be independently discovered using the same widely available tooling.
The proposal suggests moving most security reports into a public workflow, with a defined exception path for cases that clearly meet the threshold for coordinated vulnerability disclosure.
Gonzaga argues that many incoming reports are not security-critical vulnerabilities under the project’s threat model, even if they represent legitimate bugs. In his view, handling these privately creates unnecessary operational overhead and slows down fixes that could otherwise be addressed through normal public contribution workflows.
The model still preserves embargo handling, but limits it to the smaller subset of reports that clearly require coordinated disclosure.
The proposal was also discussed during the Node.js Security session at the Collaborator Summit in April, where Gonzaga said the project’s security team has been dealing with a sharp increase in AI-generated HackerOne reports. In that discussion, he said Node.js received 65 HackerOne reports in the most recent month, well above the project’s historical baseline. Node.js received 252 HackerOne submissions over the last two years.
The bounty pause did not solve the intake problem. Gonzaga said maintainers initially thought pausing it might reduce submissions, but “it didn't change anything.” Many reporters, he said, appear less motivated by payment than by recognition: “They just want a CVE assigned to their name.”
Maintainers at the summit considered middle-ground options including severity-based visibility, broader internal access, and documentation changes aimed at reducing false-positive AI-generated reports.
The discussion in the issue centers on whether the proposal meaningfully reduces workload or simply shifts it.
Some maintainers agree that AI-assisted tooling has materially changed the volume and consistency of incoming reports. Similar dynamics have been observed in other open source ecosystems, including curl, where maintainers have discussed increased noise from automated scanning and duplicated vulnerability submissions.
Node.js TSC member Joyee Cheung cautioned that visibility does not remove the underlying constraint. Even if reports are public, review capacity and release coordination remain bottlenecks controlled by a small group of maintainers.
If the root cause is being swamped by LLM-generated notifications, and their users are motivated to use an agent to do whatever reward this would bring, does it really make that much of a difference for them to change the prompt from "find all vulnerabilities in this threat model" to "find all vulnerabilities in this threat model, and open a PR to fix it"? We will then still need people to triage the PRs and review them and take care of the CI for them, and this subset is still limited to collaborators, so in practice it doesn't seem to make that much of a difference sharing it to public v.s. to collaborators in terms of workforce needed to get them fixed.
Another concern raised in the thread is that workload would not disappear, but move into different queues, from private triage to public review and pull request handling.
The July 9 meeting keeps the proposal in active discussion after several months on Node.js security working group meeting agendas. Alongside this discussion, the working group is also evaluating AI-assisted triage for HackerOne reports, which would introduce automated reproduction and classification before human review, reducing noise earlier in the intake pipeline.
For now, Node.js has not announced a policy change. Security working group members will continue discussing how they can reduce private triage load without creating new pressure in public issue review, whether through public handling for lower-signal reports, further tightening of the existing HackerOne intake process, or a hybrid approach combining severity-based routing with expanded contributor access.

Subscribe to our newsletter
Get notified when we publish new security blog posts!

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.