Avoid directly linking UI/static assets (e.g., icons, images) to external domains. Keep them inside the repository and reference them via local paths so builds don’t depend on third-party availability, reduce tracking/privacy exposure, and minimize supply-chain risk.

// Instead of:
// iconUrl: 'https://static.mermaidchart.dev/assets/icon-public.svg'

import iconPublic from '@/assets/icons/icon-public.svg';
import iconTerminal from '@/assets/icons/icon-terminal.svg';
import iconWhiteboard from '@/assets/icons/icon-whiteboard.svg';

interface Feature {
  iconUrl: string;
  featureName: string;
}

const featureColumns = ref<Feature[][]>([
  [
    { iconUrl: iconPublic, featureName: 'Diagram stored in URL' },
    { iconUrl: iconTerminal, featureName: 'Code editor' },
    { iconUrl: iconWhiteboard, featureName: 'Whiteboard' },
  ],
]);

Apply this rule to all static resources used in the UI (icons, SVGs, logos, fonts) unless there is an explicit, approved exception with documented risk acceptance.

Add Repository

Private Repository