If you find a vulnerability in any project please reach out to me directly matthatcher @ pm.me with the subject Security Report - rivalsjs@*version*.