$ npm audit
# npm audit report
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install node-red-node-test-helper@0.2.3, which is a breaking change
node_modules/node-red-node-test-helper/node_modules/semver
node-red-node-test-helper >=0.2.4
Depends on vulnerable versions of semver
node_modules/node-red-node-test-helper
2 moderate severity vulnerabilities
...
$
https://github.com/npm/node-semver/blob/main/CHANGELOG.md https://github.com/advisories/GHSA-c2qf-rxjj-qqgw