Severity
High
Description
Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Suggestion
Publish the git dependency to npm or a private package repository and consume it from there.
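One way to audit a manifest for this condition before publishing, as an added example (not code from the alerting tool or from any package listed here). It recognises the git URL and hosted-shorthand forms npm documents for `package.json`; the package names, hosts and function names in it are constructed for illustration.

```javascript
// Added example: flag package.json dependencies that resolve to git URLs
// and report what kind of ref each one tracks.
const GIT_PROTOCOL = /^git(\+(ssh|https?|file))?:/i;          // git://, git+https://, ...
const HOST_SHORTHAND = /^(github|gitlab|bitbucket|gist):/i;    // github:user/repo
// Bare "user/repo" is GitHub shorthand; local paths start with ./ ../ ~/ or /
const BARE_GITHUB = /^[^.~\/@:\s][^\/@:\s]*\/[^\/:\s#]+(#.*)?$/;
const SECTIONS = ['dependencies', 'devDependencies',
                  'optionalDependencies', 'peerDependencies'];

// Classify the fragment after '#': a full commit hash, a movable
// branch/tag name, a semver range over tags, or nothing (default branch).
function classifyRef(spec) {
  const hash = spec.indexOf('#');
  if (hash === -1) return 'default-branch';
  const ref = spec.slice(hash + 1);
  if (ref.startsWith('semver:')) return 'semver-range';
  return /^[0-9a-f]{40}$/i.test(ref) ? 'commit' : 'branch-or-tag';
}

function findGitDependencies(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      if (typeof spec !== 'string') continue;
      if (GIT_PROTOCOL.test(spec) || HOST_SHORTHAND.test(spec) || BARE_GITHUB.test(spec)) {
        findings.push({ section, name, spec, ref: classifyRef(spec) });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (names and hosts are placeholders).
const sampleManifest = {
  dependencies: {
    'left-pad': '^1.3.0',
    'editor-core': 'git+https://git.example.com/acme/editor-core.git#main',
    'image-upscale': 'github:example-user/image-upscale#0123456789abcdef0123456789abcdef01234567',
    'local-utils': 'file:../local-utils',
  },
  devDependencies: {
    'build-cmd': 'example-user/build-cmd',
    'pm-proxy': 'git+ssh://git@git.example.com/acme/pm-proxy.git#semver:^2.0.0',
  },
};

for (const f of findGitDependencies(sampleManifest)) {
  console.log(`${f.section}.${f.name}: ${f.spec} [${f.ref}]`);
}
```

Entries reported as `default-branch`, `branch-or-tag` or `semver-range` can resolve to different code on a later install; every finding is a candidate for publishing to a registry as the suggestion describes.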
Packages with this alert
Upscale images using AI
A package contains Atlassian editor core functionality
A proxy for ProseMirror, a peerDependencies compatible approach for Lerna.
A build command for our clientside code, assuming the use of components.