Severity
High
Description
Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Suggestion
Publish the GitHub dependency to npm or a private package repository and consume it from there.
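The check below is an added example, not part of this alert page or of any tool it describes. It walks a package.json and reports every dependency specifier that npm would resolve to github.com (the "user/repo", "github:user/repo", git+https/git+ssh, scp-style and tarball URL forms), and notes whether the ref pins a commit hash or floats on a branch or tag. The package.json it scans is constructed sample input; the package and user names in it are made up.

```javascript
// Added example (not the alert page's own code): flag package.json dependencies
// whose specifier resolves to GitHub, which is what this alert reports.

const DEP_SECTIONS = [
  "dependencies",
  "devDependencies",
  "optionalDependencies",
  "peerDependencies",
];

// npm's "user/repo[#ref]" and "github:user/repo[#ref]" shorthand forms.
const SHORTHAND = /^(?:github:)?[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+(?:#.*)?$/;
// scp-style git URLs ("git@github.com:user/repo"), which the URL parser rejects.
const SCP_STYLE = /^(?:git\+)?(?:ssh:\/\/)?git@github\.com[:/]/i;

// Returns true when a package.json specifier resolves to github.com.
function isGithubSpecifier(spec) {
  if (typeof spec !== "string") return false;
  if (SHORTHAND.test(spec) || SCP_STYLE.test(spec)) return true;
  // git+https://, git+ssh://, https://github.com/.../tarball/... and similar.
  try {
    const url = new URL(spec.replace(/^git\+/, ""));
    return url.hostname.toLowerCase() === "github.com";
  } catch {
    return false; // semver range, dist-tag, file:, npm: alias, ...
  }
}

// A trailing "#<hex sha>" pins a commit; a branch, tag or missing ref floats.
function isPinnedToCommit(spec) {
  const hash = spec.indexOf("#");
  if (hash === -1) return false;
  return /^[0-9a-f]{7,40}$/i.test(spec.slice(hash + 1));
}

// Walks every dependency section and returns the GitHub-resolving entries.
function findGithubDependencies(pkg) {
  const findings = [];
  for (const section of DEP_SECTIONS) {
    const deps = pkg[section];
    if (!deps || typeof deps !== "object") continue;
    for (const [name, spec] of Object.entries(deps)) {
      if (isGithubSpecifier(spec)) {
        findings.push({ section, name, spec, pinnedToCommit: isPinnedToCommit(spec) });
      }
    }
  }
  return findings;
}

// Constructed sample package.json exercising the specifier forms npm accepts.
const SAMPLE_PACKAGE_JSON = {
  name: "sample-app",
  dependencies: {
    "left-pad": "^1.3.0",                                   // registry range, not flagged
    "amqp-sugar": "exampleuser/amqp-sugar",                 // GitHub shorthand, floats on default branch
    "scroll-snap": "github:exampleuser/scroll-snap#v2.1.0", // GitHub, tag ref
    "review-crawler": "git+https://github.com/exampleuser/review-crawler.git#a1b2c3d4e5f6a7b8c9d0a1b2c3d4e5f6a7b8c9d0",
    "local-lib": "file:../local-lib",                       // not flagged
    "aliased": "npm:lodash@^4.17.21",                       // not flagged
  },
  devDependencies: {
    "k8s-scripts": "git+ssh://git@github.com:exampleuser/k8s-scripts.git",
    "gitlab-thing": "gitlab:exampleuser/thing",             // other host, not flagged
    "eslint": "8.0.0",
  },
};

// Prints one line per finding so the block is useful when run directly.
for (const f of findGithubDependencies(SAMPLE_PACKAGE_JSON)) {
  const ref = f.pinnedToCommit ? "pinned to commit" : "floating ref";
  console.log(`${f.section}: ${f.name} -> ${f.spec} (${ref})`);
}
```

On the constructed input the scan flags four of the nine entries, only one of which is pinned to a commit hash; even that one still bypasses the registry, which is why the suggestion above is to publish the package to npm or a private registry rather than to pin harder.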
Packages with this alert
Crawls product reviews from Amazon.
Sugar methods for amqplib
organic-angel scripts for development within k8s clusters
A React Native renderer for Angular 2
Bootstrap Markdown components made available in Angular
Angular directive that snaps to panes on scroll