Closed notroid5 closed 3 years ago
It seems like a non-issue in this situation; this likely applies more to packages that are general API-like or for unknown sources. I doubt that protecting against Google trying to DDoS you through this package is relevant.
> if you are relying on node-fetch to gate files above a size
We are not doing that here, so again it seems like a non-issue. npm's "security audit" is often too noisy for no reason, which seems to be the case here.
npm alerted 1 low severity vulnerability after installing:
Low Denial of Service
Package node-fetch
Patched in >=2.6.1 <3.0.0-beta.1|| >= 3.0.0-beta.9
Dependency of translate
Path translate > node-fetch
More info https://npmjs.com/advisories/1556
Looks like an update of node-fetch should fix it.