$ npm install jsoniq -save
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
added 68 packages, and audited 69 packages in 5s
1 package is looking for funding
run `npm fund` for details
2 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
$ npm audit
# npm audit report
lodash <=4.17.18
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1065
Prototype Pollution - https://npmjs.com/advisories/1523
Prototype Pollution - https://npmjs.com/advisories/577
Prototype Pollution - https://npmjs.com/advisories/782
No fix available
node_modules/lodash
jsoniq *
Depends on vulnerable versions of lodash
node_modules/jsoniq
2 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
jsoniq includes lodash~2.4.1 - it's up to 4.17.20 now
jsoniq includes lodash~2.4.1 - it's up to 4.17.20 now