It seems like lots of major GitHub repos (request, create-react-app, node-sass, Microsoft PXT) are getting warnings about the same potentially vulnerable npm dependency.
It's probably not a big problem and might even be a false positive, but either way it highlights how tricky security in the npm ecosystem can be.