diff --git a/SECURITY.md b/SECURITY.md
index 0e88d7b50702fa..ef2509102fe6a3 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -85,6 +85,7 @@ When reporting security vulnerabilities, reporters must adhere to the following
 
 4. **Report Quality**
    * Provide clear, detailed steps to reproduce the vulnerability.
+   * Include reproducible code written in JavaScript.
    * Include only the minimum proof of concept required to demonstrate the issue.
    * Remove any malicious payloads or components that could cause harm.