To report security concerns or vulnerabilities within protobuf-javascript, please use Google's official reporting channel:

https://www.google.com/appserve/security-bugs/m2/new