Severity
Critical
Description
Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.
Suggestion
Publish the HTTP URL dependency to npm or a private package repository and consume it from there.
Packages with this alert
JSDoc theme used by bookshelfjs.org, the homepage of the Bookshelf.js ORM http://bookshelfjs.org
Public theme for Open Savannah, powered by BrigadeHub
browser-side require() the node way
Business calendar momentjs plugin
Parser for CLI arguments.
Buster capture server
Groks the buster.js configuration file, including resource loading, file globbing, grouped test configs and more
QUnit style browser based test runner
Promised based evented xUnit and BDD style test runner for JavaScript