Dependencies have high severity security issues

From a fresh repo using this template, run `npm install` and then `npm audit`:

```
# npm audit report

shelljs  <0.8.5
Severity: high
Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-4rq4-32rv-6wp6
No fix available
node_modules/shelljs
  recursive-install  *
  Depends on vulnerable versions of shelljs
  Depends on vulnerable versions of yargs
  node_modules/recursive-install

yargs-parser  <=5.0.0
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
No fix available
node_modules/recursive-install/node_modules/yargs-parser
  yargs  4.0.0-alpha1 - 7.0.0-alpha.3 || 7.1.1
  Depends on vulnerable versions of yargs-parser
  node_modules/recursive-install/node_modules/yargs
    recursive-install  *
    Depends on vulnerable versions of shelljs
    Depends on vulnerable versions of yargs
    node_modules/recursive-install

4 vulnerabilities (2 moderate, 2 high)

Some issues need review, and may require choosing
a different dependency.
```

It does not appear [recursive-install](https://www.npmjs.com/package/recursive-install) has been updated for 4 years.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependencies have high severity security issues #1

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Dependencies have high severity security issues #1

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions