What to build
Socket flagged 2 packages that access the network. This is expected behavior for our CLI (we fetch templates from GitHub), but we should document which packages make network requests and ensure no unexpected outbound connections exist.
Steps to resolve
- The network access is from tiged (or its replacement) fetching templates — this is intentional.
- Document in the README or a SECURITY.md file that the CLI makes outbound requests to GitHub only.
- Ensure no other dependency makes unexpected network calls.
Acceptance criteria
- A SECURITY.md documenting what network requests the CLI makes and why.
- A --offline note in the docs explaining that the CLI requires internet access for production mode.