psarando
commented
3 years ago Thanks for the heads up.
I haven't made any code changes to this library for a while, so I hadn't noticed some of these yet. In fact, I was planning on making some code changes soon, so I'll try to fix these at that time (when I can find some spare time in the next few weeks).
In the meantime, if I'm reading the npm audit correctly, most of these vulnerabilities are coming from dev dependencies (for example Storybook, jest, or dev server deps), and are not used directly by this library. So if anyone is interested in building an app using this library, I'm not sure these vulnerabilities would apply to that app (though running npm audit on that app would probably let you know).
when I run npm install, I get: 43 vulnerabilities (4 low, 18 moderate, 21 high), I'm not really sure you want to run this software