Can bug bounty hunters have access to package registry?

I’ve been playing around with it and I think I might have found something. I cannot confirm my suspicion until I have access to the registry features on the GraphQL API. Thanks!

Hey @brxxn,

Thanks for reaching out! I’ll pass on your feedback to the team; in the meanwhile pleases submit your issue via https://bounty.github.com/

Cheers!