dpa99c / cordova-check-plugins

A CLI tool to check for / manage plugin updates in Cordova/Phonegap projects.

found 77 vulnerabilities (9 low, 57 moderate, 9 high, 2 critical) #36

Closed almothafar closed 5 years ago

almothafar commented 5 years ago

It seems this module is kinda critical to use and not recommended:

npm i cordova-check-plugins
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated hoek@0.9.1: The major version is no longer supported. Please update to 4.x or newer
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated node-uuid@1.4.7: Use uuid module instead
npm WARN ajv-keywords@3.4.0 requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@2.1.1 requires a peer of ajv@^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.4.0 requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.4.0 requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.4.0 requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.4.0 requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.4.0 requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.4.0 requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.
npm WARN uglifyjs-webpack-plugin@0.4.6 requires a peer of webpack@^1.9 || ^2 || ^2.1.0-beta || ^2.2.0-rc || ^3.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.4.0 requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.4.0 requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.7 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.7: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

+ cordova-check-plugins@4.0.4
updated 3 packages and audited 64861 packages in 19.976s
found 77 vulnerabilities (9 low, 57 moderate, 9 high, 2 critical)
  run `npm audit fix` to fix them, or `npm audit` for details

When I run npm audit > npm-audit.log I get all the details for all issues, and all of them are related to this module. File attached (npm-audit.log) since it is really big, but here are the critical and high ones:

Critical Paths:

cordova-check-plugins > plugman > cordova-lib > tar
cordova-check-plugins > plugman > cordova-lib > cordova-js > browserify > shell-quote

High Paths:

cordova-check-plugins > cordova > cordova-lib > cordova-js > browserify > cached-path-relative
cordova-check-plugins > cordova > cordova-lib > cordova-js > browserify > module-deps > cached-path-relative
cordova-check-plugins > plugman > cordova-lib > npm > node-gyp > request > http-signature > sshpk
cordova-check-plugins > plugman > cordova-lib > npm > npm-registry-client > request > http-signature > sshpk
cordova-check-plugins > plugman > cordova-lib > npm > request > http-signature > sshpk
cordova-check-plugins > plugman > cordova-lib > npm > node-gyp > request > tough-cookie
cordova-check-plugins > plugman > cordova-lib > npm > npm-registry-client > request > tough-cookie
cordova-check-plugins > plugman > cordova-lib > npm > request > tough-cookie 
cordova-check-plugins > plugman > cordova-lib > cordova-js > browserify > glob > minimatch
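As an added example (not code from this issue or from the cordova-check-plugins project), here is a small Node script that triages an npm audit --json report of the kind attached above: it flattens every advisory into one row per dependency path, filters by a minimum severity, and groups the vulnerable modules by the direct dependency they enter through (plugman versus cordova in this report), which is what a maintainer needs to know to decide which upgrade removes the most findings. The report embedded in the script is constructed to mirror the paths quoted in the issue; the advisory ids, titles and versions are placeholders, and the field names follow the npm 6 audit JSON shape (advisories, findings[].paths with hops joined by ">").

```javascript
// Added example, not part of cordova-check-plugins. Triage an `npm audit --json`
// report (npm 6 shape) by severity and by the direct dependency each path crosses.
// SAMPLE_AUDIT is CONSTRUCTED from the paths quoted in the issue; ids, titles and
// versions are placeholders, not real advisories.

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

const SAMPLE_AUDIT = {
  advisories: {
    "1": { module_name: "tar", severity: "critical", title: "placeholder",
      findings: [{ version: "0.0.0", paths: [
        "cordova-check-plugins>plugman>cordova-lib>tar"] }] },
    "2": { module_name: "shell-quote", severity: "critical", title: "placeholder",
      findings: [{ version: "0.0.0", paths: [
        "cordova-check-plugins>plugman>cordova-lib>cordova-js>browserify>shell-quote"] }] },
    "3": { module_name: "cached-path-relative", severity: "high", title: "placeholder",
      findings: [{ version: "0.0.0", paths: [
        "cordova-check-plugins>cordova>cordova-lib>cordova-js>browserify>cached-path-relative",
        "cordova-check-plugins>cordova>cordova-lib>cordova-js>browserify>module-deps>cached-path-relative"] }] },
    "4": { module_name: "sshpk", severity: "high", title: "placeholder",
      findings: [{ version: "0.0.0", paths: [
        "cordova-check-plugins>plugman>cordova-lib>npm>node-gyp>request>http-signature>sshpk",
        "cordova-check-plugins>plugman>cordova-lib>npm>npm-registry-client>request>http-signature>sshpk",
        "cordova-check-plugins>plugman>cordova-lib>npm>request>http-signature>sshpk"] }] },
    "5": { module_name: "minimatch", severity: "moderate", title: "placeholder",
      findings: [{ version: "0.0.0", paths: [
        "cordova-check-plugins>plugman>cordova-lib>cordova-js>browserify>glob>minimatch"] }] }
  }
};

// One record per (advisory, dependency path).
function flattenFindings(report) {
  const rows = [];
  for (const adv of Object.values(report.advisories || {})) {
    for (const finding of adv.findings || []) {
      for (const path of finding.paths || []) {
        const hops = path.split(">");
        rows.push({
          module: adv.module_name,
          severity: adv.severity,
          path: hops.join(" > "),      // same rendering as the human-readable npm output
          direct: hops[1] || hops[0],  // first dependency below the root package
          depth: hops.length - 1       // number of hops from the root to the vulnerable module
        });
      }
    }
  }
  return rows;
}

// Keep findings whose severity is at or above `minSeverity`.
function filterBySeverity(rows, minSeverity) {
  const cutoff = SEVERITY_ORDER.indexOf(minSeverity);
  return rows.filter(r => {
    const idx = SEVERITY_ORDER.indexOf(r.severity);
    return idx !== -1 && idx <= cutoff;
  });
}

// Distinct vulnerable modules reachable through each direct dependency.
function groupByDirectDependency(rows) {
  const groups = {};
  for (const r of rows) {
    groups[r.direct] = groups[r.direct] || new Set();
    groups[r.direct].add(r.module);
  }
  return Object.fromEntries(Object.entries(groups).map(([k, v]) => [k, [...v].sort()]));
}

function triage(report, minSeverity) {
  const rows = filterBySeverity(flattenFindings(report), minSeverity);
  return { rows, byDirect: groupByDirectDependency(rows) };
}

// Usage: node audit-triage.js [min-severity] [path/to/audit.json]
// Without a file argument the constructed sample above is used.
if (typeof require !== "undefined" && require.main === module) {
  const fs = require("fs");
  const minSeverity = process.argv[2] || "high";
  const report = process.argv[3] ? JSON.parse(fs.readFileSync(process.argv[3], "utf8")) : SAMPLE_AUDIT;
  const { rows, byDirect } = triage(report, minSeverity);
  for (const r of rows) console.log(`${r.severity.padEnd(8)} ${r.module.padEnd(22)} ${r.path}`);
  console.log("\nvulnerable modules per direct dependency:", byDirect);
}
```

Run it as node audit-triage.js high npm-audit.json against a report produced by npm audit --json. On the sample, every critical and high path except cached-path-relative enters through plugman, so the grouping shows at a glance which direct dependency an upgrade would have to target.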

dpa99c commented 5 years ago

This module is not intended to be deployed to a remote server where these vulnerabilities can be exploited; it is intended as a CLI tool to run on your local development machine, which only you have access to, hence they are irrelevant.