
Fix Multiple Security Vulnerabilities

kasafikcz PURCHASED
1 year ago
Downloading the most recent update (from a year ago) shows 5 possible critical vulnerabilities. Could you please provide an updated version with the most recent libraries?

31 vulnerabilities (9 moderate, 17 high, 5 critical)

To address issues that do not require attention, run:
npm audit fix
themicon SELLER
1 year ago
Hello, which project variant are you using (Angular, React, etc.)?
Do you need to fix these vulnerabilities because they directly affect your code, or is it just because of the report?

I'm asking this because, from my experience, vulnerabilities sometimes affect the frontend and specifically the usage of the package, which means they must be fixed. But many times they are related to features used at build time and they never touch the frontend, and sometimes they are related to features not used in the project. Or they are even dependencies of other dependencies, which means they must be solved upstream.

Of course, zero vulnerabilities reported is much better to improve security, but I'm writing this because you can fix vulnerabilities by updating the package version, and if the fix does not involve breaking changes it is done automatically; otherwise you need to consider whether the issue affects your project before putting effort into fixing such vulnerabilities.

Let me know if you have any questions.
Regards
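
The triage described in the reply above, as an added example that is not part of the thread or the seller's code: it joins an `npm audit --json` report (npm 7+ format) with `package-lock.json` (lockfileVersion 2 or 3) to separate build-time findings from ones that ship, and direct from transitive ones. The package names and data are constructed, and it assumes the lockfile's `dev` flag marks packages used only at build time.

```javascript
// Constructed sample data shaped like `npm audit --json` output and package-lock.json.
const auditReport = {
  vulnerabilities: {
    "build-tool": { name: "build-tool", severity: "critical", isDirect: true,
      nodes: ["node_modules/build-tool"], fixAvailable: true },
    "ui-widget": { name: "ui-widget", severity: "high", isDirect: true,
      nodes: ["node_modules/ui-widget"],
      fixAvailable: { name: "ui-widget", version: "3.0.0", isSemVerMajor: true } },
    "deep-util": { name: "deep-util", severity: "moderate", isDirect: false,
      nodes: ["node_modules/ui-widget/node_modules/deep-util"], fixAvailable: false },
  },
};
const lockfile = {
  packages: {
    "node_modules/build-tool": { version: "1.2.0", dev: true },
    "node_modules/ui-widget": { version: "2.4.1" },
    "node_modules/ui-widget/node_modules/deep-util": { version: "0.9.0" },
  },
};

function triage(report, lock) {
  return Object.values(report.vulnerabilities).map((v) => {
    // Build-time only if every installed copy is marked dev in the lockfile.
    const devOnly = v.nodes.length > 0 &&
      v.nodes.every((p) => lock.packages[p] && lock.packages[p].dev === true);
    // fixAvailable is true, false, or { name, version, isSemVerMajor }.
    let fix;
    if (v.fixAvailable === false) fix = "none-yet";
    else if (v.fixAvailable === true) fix = "non-breaking";
    else fix = v.fixAvailable.isSemVerMajor ? "breaking" : "non-breaking";
    let action;
    if (fix === "non-breaking") action = "update now (npm audit fix)";
    else if (devOnly) action = "build-time only: review, lower priority";
    else if (fix === "breaking") action = "ships to users: plan the major upgrade";
    else action = v.isDirect ? "ships to users: mitigate or replace the package"
                             : "ships to users: needs an upstream fix";
    return { name: v.name, severity: v.severity, scope: devOnly ? "dev" : "prod",
             direct: v.isDirect, fix, action };
  });
}

// Shipped (prod) findings first, then by severity.
const order = { critical: 0, high: 1, moderate: 2, low: 3, info: 4 };
const rows = triage(auditReport, lockfile).sort((a, b) =>
  a.scope === b.scope ? order[a.severity] - order[b.severity]
                      : a.scope === "prod" ? -1 : 1);
console.table(rows);
```

On a real project, replace the two constants with the parsed output of `npm audit --json` and the project's own `package-lock.json`.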