HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux ip-172-31-42-149 5.15.0-1084-aws #91~20.04.1-Ubuntu SMP Fri May 2 07:00:04 UTC 2025 aarch64
User: ubuntu (1000)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /usr/share/doc/nodejs/contributing/
Upload Files
File: //usr/share/doc/nodejs/contributing/security-steward-on-off-boarding.md
# Security Steward Onboarding/OffBoarding

## Onboarding

* Confirm the new steward agrees to keep all private information confidential
  to the project and not to use/disclose to their employer.
* Add them to the security-stewards team in the GitHub nodejs-private
  organization.
* Add them to the [public website team](https://github.com/orgs/nodejs/teams/website).
* Ensure they have 2FA enabled in H1.
* Add them to the standard team in H1 using this
  [page](https://hackerone.com/nodejs/team_members).
* Add them as managers of the
  [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.

## Offboarding

* Remove them from security-stewards team in the GitHub nodejs-private
  organization.
* Remove them from public website team
* Unless they have access for another reason, remove them from the
  standard team in H1 using this
  [page](https://hackerone.com/nodejs/team_members).
* Downgrade their account to regular member in the
  [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.
@ Telegram