Auth0-js SDK: do I need to pass nonce when starting passwordless login?

I am using the auth0-js SDK to initiate passwordless login:

webAuth.passwordlessStart({
    email: <>,
    connection: 'email',
    send: 'code',
    authParams: {
      state,
    },
  });

But I think it is not setting nonce by default. Is this correct? Do I need to pass it explicitly? The documentation is not clear