The Node.js project completed the winding down of its ecosystem vulnerability reporting program on May 18th. This doesn’t mean it will affect the process of reporting vulnerabilities in Node.js project. The process will continue without any interruption through the HackerOne program. Node.js started accepting vulnerability reports for the ecosystem.The vulnerabilities were solved by volunteer members of the Ecosystem Security working group. When the program stopped accepting vulnerability reports for ecosystem modules NodeJS handed over the responsibility to another platform. Snyk took on the existing vulnerability backlog. Existing reports will be closed with instructions that point to the link for reporting the vulnerability to Snyk. This is to avoid further complications with data ownership  and confidentiality issues. NodeJS has done a good job in handling the situation in an effective way by applying all precautions to protect privacy and data.