Severity
High
Description
Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Suggestion
Publish the GitHub dependency to npm or a private package repository and consume it from there.
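An added example, not Socket's own tooling: a small Node.js check that walks a package.json and reports each dependency whose specifier npm would resolve to GitHub, and whether it is pinned to a full commit SHA. The sample manifest, package names and SHA below are constructed.

```javascript
// Added example (not Socket's code): flag package.json dependencies that npm
// would fetch from GitHub rather than a registry. Sample manifest is constructed.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Forms npm resolves to GitHub: a "github:" prefix, bare "user/repo" shorthand,
// git/ssh/https URLs on github.com, and archive tarball URLs on github.com.
function isGitHubSpecifier(spec) {
  if (typeof spec !== 'string') return false;
  if (/^github:/i.test(spec) || /github\.com[:/]/i.test(spec)) return true;
  // Bare shorthand: exactly one "/" plus optional "#ref"; local paths excluded.
  return /^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec) && !/^[./~]/.test(spec);
}

// The committish after "#"; empty when the default branch is implied
// (or, for tarball URLs, when the ref lives in the URL path instead).
function refOf(spec) {
  const i = spec.indexOf('#');
  return i === -1 ? '' : spec.slice(i + 1);
}

function auditManifest(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!isGitHubSpecifier(spec)) continue;
      const ref = refOf(spec);
      // A 40-hex commit SHA fixes the content; a branch, tag or no ref can move.
      const pinnedToCommit = /^[0-9a-f]{40}$/i.test(ref);
      findings.push({ field, name, spec, ref, pinnedToCommit });
    }
  }
  return findings;
}

// Constructed sample manifest (names and the SHA are made up).
const SAMPLE_MANIFEST = {
  name: 'demo-app',
  dependencies: {
    express: '^4.18.2',
    'some-lib': 'github:example-org/some-lib',
    'other-lib': 'example-org/other-lib#main',
    'pinned-lib': 'git+https://github.com/example-org/pinned-lib.git#0123456789abcdef0123456789abcdef01234567',
    'local-lib': 'file:../local-lib',
  },
  devDependencies: {
    'tarball-lib': 'https://github.com/example-org/tarball-lib/archive/refs/heads/main.tar.gz',
    'alias-dep': 'npm:other-package@^2.0.0',
  },
};
for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(`${f.field}.${f.name}: ${f.spec} -> ${f.pinnedToCommit ? 'commit-pinned' : 'MUTABLE'}`);
}
```

Even a commit-pinned GitHub specifier still bypasses the registry, so the check reports it; the pin only tells you the content cannot silently change.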
Packages with this alert
Physics system for A-Frame VR, built on Cannon.js
Screenwriting tools
Simple AgensGraph web UI client that easy to run and use
WhatsApp Bot OpenAI ChatGPT Using Lib Baileys Multi Device
WhatsApp Bot OpenAI ChatGPT Using Lib Baileys Multi Device