Ryan DeBeasi is a user on mastodon.xyz. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Ryan DeBeasi @ryan

It seems like lots of major GitHub repos (request, create-react-app, node-sass, Microsoft PXT) are getting warnings about the same potentially vulnerable npm dependency.

It's probably not a big problem and might even be a false positive, but either way it highlights how tricky security in the npm ecosystem can be.