What is the current behavior?
Currently, due to websocket having a dependency on es5-ext, the deepgram package is causing failures in builds that rely on socket.dev and snyk for dependency scanning.
The issue is that es5-ext publishes protest banners. I have zero interest in the politics, but from my perspective it's a breach of trust that makes it a supply chain risk.
Steps to reproduce
Run a build with socket.dev.
See https://socket.dev/npm/package/@deepgram/sdk
Expected behavior
No critical errors.
Fixes
This can be resolved by adding this to your package.json: