devDependencies

looking at the dependencies, for example
 @coreui/icons-react@2.0.0-rc.5
  └─┬ @typescript-eslint/eslint-plugin@4.29.1
    └─┬ eslint@7.32.0
      └─┬ strip-ansi@6.0.0
        └── ansi-regex@5.0.0
        
 Shouldn't this @typesciprt-eslint be in dev dependencies? Trying to remove production vulenerabilities from my repo and this is coming up in `npm audit --production`.