When I push my Phoenix 1.4 app to github, I get security vulnerabilties notification on github.
So I decided to investigate.
npm audit in the assets directory, I get the following report:
=== npm audit security report ===
# Run npm install --save-dev firstname.lastname@example.org to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
Moderate Cross-Site Scripting
Dependency of copy-webpack-plugin [dev]
More info https://npmjs.com/advisories/1426
So is it safe to do
npm install --save-dev email@example.com because it says it is a potentially breaking change ?