bin-links prior to 1.1.5 are vulnerable to a Symlink reference outside of node_modules. It is possible to create symlinks to files outside of the
node_modules folder through the
bin field. This may allow attackers to access unauthorized files.
Upgrade to version 1.1.5 or later.