NPM audit nightmare

[jeff-zucker]

Running npm audit in a newly downloaded solid-auth-fetcher gives

found 4414 vulnerabilities (4 low, 92 moderate, 4318 high) in 1234 scanned packages

Running npm audit fix fixes all but 2 of them, but then the tests for solid-auth-fetcher fail.

[jeff-zucker]

My setup in case it's relevant

  System:
    OS: Linux 5.4 Linux Mint 20.1 (Ulyssa)
    CPU: (4) x64 Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
    Memory: 1.30 GB / 11.61 GB
    Container: Yes
    Shell: 5.0.17 - /bin/bash
  Binaries:
    Node: 12.19.1 - ~/.nvm/versions/node/v12.19.1/bin/node
    npm: 6.14.8 - ~/.nvm/versions/node/v12.19.1/bin/npm
  Browsers:
    Chrome: 90.0.4430.212
    Firefox: 88.0.1
  npmPackages:
    @types/debug: ^4.1.5 => 4.1.5 
    @types/form-urlencoded: ^4.0.4 => 4.4.0 
    @types/jest: ^24.0.24 => 24.9.1 
    @types/jjv: ^1.0.29 => 1.0.29 
    @types/jsonwebtoken: ^8.5.0 => 8.5.0 
    @types/lodash.clonedeep: ^4.5.6 => 4.5.6 
    @types/node: ^14.0.23 => 14.0.23 
    @types/node-fetch: ^2.5.6 => 2.5.7 
    @types/node-jose: ^1.1.4 => 1.1.4 
    @types/url-parse: ^1.4.3 => 1.4.3 
    @types/uuid: ^8.0.0 => 8.0.0 
    @typescript-eslint/eslint-plugin: ^2.34.0 => 2.34.0 
    @typescript-eslint/parser: ^2.34.0 => 2.34.0 
    ajv: ^6.12.6 => 6.12.6 
    build-module: ^1.0.7 => 1.0.7 
    concurrently: ^5.2.0 => 5.2.0 
    cross-fetch: ^3.0.5 => 3.0.5 
    crypto-random-string: ^3.3.0 => 3.3.0 
    debug: ^4.3.1 => 4.3.1 
    eslint: ^6.1.0 => 6.8.0 
    eslint-config-prettier: ^6.10.0 => 6.11.0 
    eslint-plugin-license-header: ^0.2.0 => 0.2.0 
    eslint-plugin-prettier: ^3.1.4 => 3.1.4 
    form-urlencoded: ^6.0.4 => 6.0.4 
    husky: ^4.2.3 => 4.2.5 
    jest: ^25.1.0 => 25.5.4 
    jose: ^1.27.2 => 1.27.2 
    jsonwebtoken: ^8.5.1 => 8.5.1 
    license-checker: ^25.0.1 => 25.0.1 
    lint-staged: ^10.2.11 => 10.2.11 
    lodash.clonedeep: ^4.5.0 => 4.5.0 
    node-fetch: ^2.6.0 => 2.6.0 
    node-jose: ^1.1.3 => 1.1.4 
    prettier: ^1.19.1 => 1.19.1 
    react-native-jose: git+https://github.com/hellojoko/react-native-jose.git => 0.1.0 
    reflect-metadata: ^0.1.13 => 0.1.13 
    ts-jest: ^25.5.1 => 25.5.1 
    ts-loader: ^7.0.4 => 7.0.5 
    tsc-watch: ^4.2.9 => 4.2.9 
    tsyringe: ^4.3.0 => 4.3.0 
    typescript: ^3.9.6 => 3.9.6 
    url-parse: ^1.4.7 => 1.4.7 
    uuid: ^8.2.0 => 8.2.0 
    webpack: ^4.41.6 => 4.43.0 
    webpack-bundle-analyzer: ^3.8.0 => 3.8.0 
    webpack-cli: ^3.3.12 => 3.3.12 
    webpack-merge: ^4.2.2 => 4.2.2 
    ws: ^7.3.1 => 7.3.1 
  npmGlobalPackages:
    npm-check-updates: 11.5.13
    npm: 6.14.8