Our security scanner (Sonatype Nexus IQ Auditor) flags chroma.js as vulnerable for including jquery. However, chroma.js does not actually depend on jquery.
The issue is that the jquery is included in the /docs directory, which is part of what gets downloaded when you do npm install chroma-js.
Our security scanner (Sonatype Nexus IQ Auditor) flags chroma.js as vulnerable for including jquery. However, chroma.js does not actually depend on jquery.
The issue is that the jquery is included in the
/docsdirectory, which is part of what gets downloaded when you donpm install chroma-js.The docs should not be shipped.