Found vulnerabilities after 'npm install'

[onlycs]

after running npm install I get:

found 75 vulnerabilities (57 low, 3 moderate, 15 high)
  run `npm audit fix` to fix them, or `npm audit` for details

But Dopamine Runs Fine.

Are the vulnerabilities bad?

[digimezzo]

@dragonBall561 There is no reason to be alarmed. NPM checks dependencies of all packages. The vulnerabilities are in components that Dopamine uses, and in sub-components of those components. Trying to fix those, is madness.
Here is an interesting article about this: https://www.voitanos.io/blog/don-t-be-alarmed-by-vulnerabilities-after-running-npm-install/

[dertuxmalwieder]

Here is an interesting article about this: https://www.voitanos.io/blog/don-t-be-alarmed-by-vulnerabilities-after-running-npm-install/

That article (an opinion piece) basically says that, if a vulnerability was found, it does exist and the author won’t care anyway.

Among the several reasons why I, personally, think that the move towards Electron was a bad idea, this is one of them. Yes, you will fetch dependencies with security problems, and no, this is not something you should ignore.

I would prefer software that I install and use to have no known security problems, to be honest.