Site works ok but composer complains about unmet requirements. Do I have a problem?

I am trying to get my permissions right, so I don’t have to run composer as root. As part of this process, I deleted vendor, core and composer.lock and ran composer install with my non-root user. The site appears to be working fine, despite this message composer displayed:

  Problem 1     - drupal/core 8.2.x-dev requires symfony/psr-http-message-bridge v0.2 -> satisfiable by symfony/psr-http-message-bridge[v0.2] but these conflict with your requirements or minimum-stability.     - don't install drupal/core-render 8.2.0|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.0-beta1|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.0-beta2|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.0-beta3|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.0-rc1|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.0-rc2|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.1|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.2|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.3|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.4|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.5|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.6|remove drupal/drupal dev-master     - don't install drupal/core-render 8.2.7|remove drupal/drupal dev-master      etcetera 

What does this mean? Is my site OK, or did I take a wrong turn?

I’m not sure why the composer message references “drupal/core 8.2.x-dev”. Here is the “require” section of my composer.json:

"require": {     "composer/installers": "^1.0.24",     "wikimedia/composer-merge-plugin": "^1.4",     "drupal/entity_clone": "^1.0@beta",     "drupal/features": "^3.8",     "drupal/metatag": "^1.8",     "drupal/webform": "^5.1",     "drupal/config_installer": "^1.8",     "drupal/entity_browser": "^2.1",     "drupal/media_entity_browser": "^1.0@beta",     "drupal/entity_embed": "^1.0@beta",     "drupal/file_browser": "^1.1",     "drupal/admin_menu_search": "^1.0",     "drupal/admin_toolbar": "^1.26",     "drupal/backup_migrate": "^4.0",     "drupal/block_field": "^1.0@alpha",     "drupal/contact_block": "^1.4",     "drupal/contribute": "^5.0@beta",     "drupal/ctools": "^3.2",     "drupal/entity_reference_revisions": "^1.6",     "drupal/facets": "^1.3",     "drupal/field_group": "^1.0",     "drupal/form_placeholder": "^1.0",     "drupal/formblock": "^1.0@beta",     "drupal/glazed_helper": "^1.3",     "drupal/google_analytics": "^3.0",     "drupal/honeypot": "^1.29",     "drupal/imce": "^1.7",     "drupal/insert_block": "1.x-dev",     "drupal/linkit": "^4.3",     "drupal/login_emailusername": "^1.1",     "drupal/material_admin": "^1.0@alpha",     "drupal/menu_link_attributes": "^1.0",     "drupal/minifyhtml": "^1.6",     "drupal/paragraphs": "^1.6",     "drupal/pathauto": "^1.3",     "drupal/redirect": "^1.3",     "drupal/require_login": "^2.0",     "drupal/search_api": "^1.11",     "drupal/simple_sitemap": "^3.0",     "drupal/simplenews": "^1.0@alpha",     "drupal/tfa": "^1.0@alpha",     "drupal/token": "^1.5",     "drupal/video_embed_field": "^2.0",     "drupal/view_unpublished": "^1.0@alpha",     "drupal/viewport": "^1.1",     "drupal/viewsreference": "^1.4",     "drupal/workflow_state_config": "^1.0@alpha",     "drupal/xmlsitemap": "^1.0@alpha",     "drupal/allowed_formats": "^1.1",     "drupal/asset_injector": "^2.4",     "drupal/taxonomy_access_fix": "^2.6",     "drupal/text_summary_options": "^1.0",     "drupal/migrate_source_csv": "^2.2",     "drupal/migrate_plus": "^4.1",     "drupal/migrate_tools": "^4.1",     "drupal/migrate_file": "^1.1",     "drupal/entityqueue": "^1.0@alpha",     "drupal/module_missing_message_fixer": "^1.0@beta",     "drupal/rules": "^3.0@alpha",     "ckeditor/autogrow": "^4.8",     "ckeditor/codemirror": "^1.17",     "ckeditor/fakeobjects": "^4.8",     "ckeditor/image": "^4.8",     "ckeditor/link": "^4.8",     "codemirror/codemirror": "^5.36",     "jquery/geocomplete": "^1.7",     "jquery/icheck": "^1.0",     "jquery/image-picker": "^0.3.0",     "jquery/inputmask": "^3.3",     "jquery/intl-tel-input": "^12.1",     "jquery/rateit": "^1.1",     "jquery/select2": "^4.0",     "jquery/timepicker": "^1.11",     "jquery/toggles": "^4.0",     "jquery/word-and-character-counter": "^2.5",     "progress-tracker/progress-tracker": "^1.4",     "signature_pad/signature_pad": "^2.3",     "drupal/image_widget_crop": "^2.2",     "drupal/crop": "^1.5",     "drupal/advagg": "^3.5",     "drupal/advagg_js_minify": "^3.5",     "drupal/advagg_css_minify": "^3.5",     "drupal/better_exposed_filters": "^3.0@alpha",     "drupal/block_visibility_groups_admin": "^1.3",     "drupal/chosen": "^2.6",     "drupal/chosen_field": "^2.6",     "drupal/content_export_csv": "^3.0@beta",     "drupal/contentimport": "^4.1",     "drupal/event": "1.x-dev",     "drupal/entity_reference_views_select": "^1.3",     "drupal/imce_search_plugin": "^1.0",     "drupal/inline_entity_form": "^1.0@RC",     "drupal/job": "^3.0@alpha",     "drupal/media_bulk_upload": "^1.0@alpha",     "drupal/memcache": "^2.0",     "drupal/purge_ui": "^3.0@beta",     "drupal/purge_processor_lateruntime": "^3.0@beta",     "drupal/purge_tokens": "^3.0@beta",     "drupal/twig_tweak": "^2.1",     "drupal/views_bulk_operations": "^2.5",     "drupal/block_visibility_groups": "^1.3",     "drush/drush": "^9.5",     "drupal/we_megamenu": "^1.5",     "drupal/views_infinite_scroll": "^1.5",     "drupal/embed": "^1.0",     "drupal/dropzonejs": "^2.0@alpha",     "drupal/purge": "^3.0@beta",     "drupal/address": "^1.4",     "drupal/acquia_connector": "^1.16",     "drupal/purge_purger_http": "^1.0@beta",     "drupal/smtp": "^1.0@beta",     "drupal/content_sync": "^2.1",     "drupal/console": "~1.0",     "drupal/devel": "^2.0",     "drupal/core": "8.6.13" }, 

Google Complains This Script is Malicious

I have written a JavaScript analytics tracking script for one of my client. Basically, the script source link is generated using a dynamic GUID and an example of the link is https://whoshouldisee.azurewebsites.net/scripts/F68ADA02-D003-4A56-9BA1-34051CD50381.min.js. This link then points to some dynamic snippets of JavaScript codes which looks like this:

$  response={}; $  response.host=location.hostname; $  response.page=document.URL; $  response.referrer=document.referrer; $  response.UserID='F68ADA02-D003-4A56-9BA1-34051CD50381'; window.onload=function(){setInterval(function(){var esc=encodeURIComponent,query=Object.keys($  response).map(a=>esc(a)+'='+esc($  response[a])).join('&'); fetch('https://whoshouldisee.azurewebsites.net/load/?'+query,{mode:'no-cors',headers:new Headers({'Access-Control-Allow-Origin':'*','Access-Control-Allow-Headers':'Content-Type'})}).then(function(a){console.log('Request succeeded with JSON response',a)}).catch(function(a){console.log('Request failed',a)});},5000);}

This snippet then gives the server the necessary information about the website visitor and the web page. It has been working well on websites until a client uses google webmasters and analytinecessary information about the website visitor and the web page. It has been working well on websites until a client has used it on a website cs tools integrated it on their website, Google has been complaining that the script contains a malicious content, and we were unable to figure out what exactly the malicious content was. We also tried to contact Google but they won’t give a viable reason. They are just complaining the script is malicious without given a reason, not even q guide or principle to follow to ensure a safe script.

Please can anyone take a look at the code and help suggest any approach that could make google flag this as malicious, how also state approaches and corrections to make to make google remove this as a malicious scripts. Thank you so much.