Critical security advisory for atlaskit dependency

Using the yarn dependency scanner ‘improved-yarn-audit’ is flagging a critical security vulnerability Malware in react-intl-next · GHSA-3h5j-8vhj-3cmf · GitHub Advisory Database · GitHub which originates from the dependency ‘react-intl-next’.

This dependency is in my package.json according to the following guide Atlaskit by Atlassian as such: “react-intl-next”: “npm:react-intl@^5.18.1”

Would appreciate if we can have a comment on this, thanks!

This package does not exist anymore, thats why the package json is referring to react-intl, which does not seem to have any issues react-intl vulnerabilities | Snyk

1 Like

Sounds like this is flagging a false positive then. Thanks!