Skip to content

Security: webpack/webpack-cli

SECURITY.md

Security Policy

This document explains the security policy of webpack-cli and how we intend to support webpack and webpack-cli.

Supported Versions

webpack CLI is currently supporting webpack v4 and webpack v5. Security fixes are released in patches.

webpack version webpack-cli version Supported
>= 4.20.x ^4.2.0
<= 4.19.x ^4.2.0
5.x.0 ^4.2.0
5.0.x ^4.2.0
< 4.x.x (CLI included in webpack < 4)

Note: Using webpack < 4 with webpack CLI is not required as CLI was included in webpack.

Reporting a Vulnerability

To report a vulnerability, please contact one of webpack maintainers through the email provided from either npm, GitHub or reach out at other social media platforms. For third party security vulnerabilities, submitting an issue or Pull Request to fix the security vulnerability is much appreciated. We also use dependabot from GitHub to avoid vulnerabilities.

There aren’t any published security advisories