
[Security Vulnerability] One of your dependencies has a dependency which has been flagged as having a security vulnerability (according to nodesecurity.io) #438

Description

@chase2981

According to nodesecurity.io, your tailwindcss package depends on a package with a security vulnerability, as shown below.

```
(+) 1 vulnerability found
┌────────────┬────────────────────────────────────────────────────────────────────┐
│            │ Prototype pollution attack                                         │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Name       │ hoek                                                               │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ CVSS       │ 4 (Medium)                                                         │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Installed  │ 2.16.3                                                             │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Vulnerable │ <= 4.2.0 || >= 5.0.0 < 5.0.3                                       │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Patched    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                        │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Path       │ my-project@0.0.0 > tailwindcss@0.5.1 > nodemon@1.17.2 >            │
│            │ chokidar@2.0.3 > fsevents@1.1.3 > node-pre-gyp@0.6.39 > hawk@3.1.3 │
│            │ > hoek@2.16.3                                                      │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ More Info  │ https://nodesecurity.io/advisories/566                             │
└────────────┴────────────────────────────────────────────────────────────────────┘
```

Recreation Steps:
First run `npm i nsp`, then run `npx nsp check` in any project that has any version of tailwindcss installed, and you will receive the error.

Recommendations:
Add the nodesecurity.io badge to your README.md so that your dependencies stay secure.

I was hoping you guys could please correct this? Thank you.
