Severity
High
Description
Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Suggestion
Publish the git dependency to npm or a private package repository and consume it from there.
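A check for the condition this alert describes, as an added example that is not part of the original page or the scanner's own logic: it scans a parsed package.json for dependency specs that npm resolves through git and records whether each one is pinned to a full commit hash. The function names, the sample manifest and its hosts are constructed for illustration, and the patterns cover only the git URL and hosted-shorthand forms documented for npm.

```javascript
// Dependency sections of package.json that npm resolves at install time.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Spec forms that npm resolves through git instead of the registry.
const GIT_PROTOCOL = /^(git\+(ssh|https?|file)|git):/i;           // git+https://..., git://...
const HOSTED_SHORTHAND = /^(github|gitlab|bitbucket|gist):/i;     // github:user/repo
const GITHUB_SHORTHAND = /^[a-z0-9][\w.-]*\/[\w.-]+(#.+)?$/i;     // user/repo[#ref]
const FULL_COMMIT = /^[0-9a-f]{40}$/i;

// Returns null for registry, tarball, alias and local-path specs.
function classifySpec(spec) {
  const isGit = GIT_PROTOCOL.test(spec) || HOSTED_SHORTHAND.test(spec) || GITHUB_SHORTHAND.test(spec);
  if (!isGit) return null;
  const hash = spec.indexOf("#");
  const ref = hash === -1 ? "" : spec.slice(hash + 1);
  // A 40-hex commit pins the revision; a branch, tag, semver range or missing
  // ref can resolve to different code later. Either way the code is fetched
  // from a remote git host rather than the registry, so both are reported.
  return FULL_COMMIT.test(ref) ? "git-pinned-commit" : "git-mutable-ref";
}

function findGitDependencies(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = typeof spec === "string" ? classifySpec(spec.trim()) : null;
      if (kind) findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest (package names and hosts are placeholders).
const sampleManifest = {
  dependencies: {
    "left-lib": "^1.4.0",
    "forked-parser": "git+https://git.example.com/team/forked-parser.git#main",
    "ui-kit": "github:example-org/ui-kit",
    "local-tool": "file:../local-tool",
  },
  devDependencies: {
    "build-helper": "example-org/build-helper#0123456789abcdef0123456789abcdef01234567",
    "aliased": "npm:other-pkg@2.0.0",
  },
};

for (const f of findGitDependencies(sampleManifest)) {
  console.log(`${f.kind}  ${f.section}.${f.name} -> ${f.spec}`);
}
```

In a CI job, a non-empty result can fail the build or be compared against an allowlist of reviewed git dependencies.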
Packages with this alert
A build command for our clientside code, assuming the use of components.
This is a node.js module that contains helper functions used in AllanBot.
JavaScript library to help web applications with accessibility concerns
A command-line tool to access the Amazon Marketplace Web Services API
AMQP driver for amino
Redis driver for amino
Live editing, testing and debugging for JavaScript
An evented chess library for movement, validation and result detection built on Ampersand.js.