When installing this module, npm reports a moderate-severity vulnerability caused by the required version of http-server, which is 0.12.3, that requires a vulnerable version of ecstatcic (<4.1.3).
The earliest non-vulnerable version of http-serverseems to be 0.13.0, since it does not require the now unsupported ecstatic package.
Also, it seems like openrouteservice-js does not utilize http-server on top level. If that's the case, the dependency could be removed, fixing the vulnerability problem and removing a useless package too.
When installing this module, npm reports a moderate-severity vulnerability caused by the required version of
http-server
, which is0.12.3
, that requires a vulnerable version ofecstatcic
(<4.1.3
). The earliest non-vulnerable version ofhttp-server
seems to be0.13.0
, since it does not require the now unsupportedecstatic
package. Also, it seems likeopenrouteservice-js
does not utilizehttp-server
on top level. If that's the case, the dependency could be removed, fixing the vulnerability problem and removing a useless package too.