Severity
Critical
Description
Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Suggestion
Publish the git dependency to npm or a private package repository and consume it from there.
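One way to find such dependencies in a `package.json` before publishing, as an added example (not code from this page or from the tool that raises the alert). It checks the git specifier forms npm documents; the function names and the sample manifest are constructed for illustration.

```javascript
// Added example: flag package.json dependencies that resolve to git.
// Forms covered: git:// and git+ssh/http(s)/file URLs, github:/gitlab:/
// bitbucket:/gist: prefixes, and the bare "user/repo" GitHub shorthand.
const GIT_URL = /^git(\+(ssh|https?|file))?:\/\//i;
const HOSTED = /^(github|gitlab|bitbucket|gist):/i;
const SHORTHAND = /^[^@.~\/\s:#][^\/\s:#]*\/[^\/\s:#]+(#.+)?$/;
const FULL_SHA = /^[0-9a-f]{40}$/i;
const SECTIONS = ['dependencies', 'devDependencies',
                  'optionalDependencies', 'peerDependencies'];

// Returns null for registry/file/tarball specs, else details of the git spec.
function classifyGitSpec(spec) {
  if (typeof spec !== 'string') return null;
  let kind = null;
  if (GIT_URL.test(spec)) kind = 'git-url';
  else if (HOSTED.test(spec)) kind = 'hosted-prefix';
  else if (SHORTHAND.test(spec)) kind = 'github-shorthand';
  if (kind === null) return null;
  const hash = spec.indexOf('#');
  const ref = hash === -1 ? null : spec.slice(hash + 1);
  // Only a full 40-hex commit id fixes the content; branches, tags and
  // "semver:" ranges can point at different code on the next install.
  return { kind, ref, pinnedToCommit: ref !== null && FULL_SHA.test(ref) };
}

function findGitDependencies(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const hit = classifyGitSpec(spec);
      if (hit) findings.push({ section, name, spec, ...hit });
    }
  }
  return findings;
}

// Constructed sample manifest (hypothetical package names and hosts).
const sampleManifest = {
  dependencies: {
    'registry-pkg': '^1.4.0',
    'example-a': 'git+https://git.example.invalid/team/example-a.git',
    'example-b': 'github:example-org/example-b#semver:^2.0.0',
    'example-c': 'example-org/example-c#0123456789abcdef0123456789abcdef01234567',
    'local-pkg': 'file:../local-pkg',
  },
  devDependencies: {
    'example-d': 'git+ssh://git@git.example.invalid:team/example-d.git#main',
    '@scope/tool': 'npm:@scope/tool@1.0.0',
  },
};
console.table(findGitDependencies(sampleManifest));
```

A dependency pinned to a full commit SHA still bypasses the registry, so the suggestion above applies to it as well; the `pinnedToCommit` field only helps prioritise which entries to fix first.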
Packages with this alert
very simple online playground for visually creating web applications
A WebVR scene. Made with A-Frame, a WebVR framework.
Model viewer. Made with A-Frame, a WebVR framework.
A-Frame scene built from primitives.
Room built using A-Frame.