We recently had a security audit at my company -- and it was discovered that the NPM module babel-runtime is actually needed for chromy at runtime. This dependency is added by Babel during build and required by babel for runtime polyfills. In most installation cases this works fine since other packages already declare this package implicitly -- but for chromy to pass our validation it needs to explicitly declare this runtime library in chromy's package.json (it must be under dependencies not devDependencies)
Hi @dotneet!
We recently had a security audit at my company -- and it was discovered that the NPM module
babel-runtime
is actually needed for chromy at runtime. This dependency is added by Babel during build and required by babel for runtime polyfills. In most installation cases this works fine since other packages already declare this package implicitly -- but for chromy to pass our validation it needs to explicitly declare this runtime library in chromy's package.json (it must be underdependencies
notdevDependencies
)Would it be possible to declare this dependency?
I will try to create a PR to make it easier.
Cheers.