npm Community Forum (Archive)

npm audit incorrectly flags a package

npm flags the axios package even though its patched v0.18.1 is used. It still says that 0.19.0 should be used (which is also patched, but with additional changes, whereas 0.18.1 is just the patch).

How can this be resolved? What does it base this on?

This is the output of npm audit --json:

"81888": {
      "findings": [
        {
          "version": "0.18.1",
          "paths": [
            "analytics-node>axios"
          ],
          "dev": false,
          "optional": false,
          "bundled": false
        }
      ],
      "id": 81888,
      "created": "2019-05-16T07:33:00.184Z",
      "updated": "2019-07-11T01:00:00Z",
      "deleted": null,
      "title": "Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.",
      "found_by": {
        "name": "nvd"
      },
      "reported_by": {
        "name": "Jfrog-Xray"
      },
      "module_name": "axios",
      "cves": [
        "CVE-2019-10742"
      ],
      "vulnerable_versions": "0.16.2 ≤ Version ≤ 0.19.0-beta.1",
      "patched_versions": "0.19.0",
      "overview": "Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.",
      "recommendation": "Update to version 0.19.0 or later.",
      "references": "https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505,https://github.com/axios/axios/issues/1098,https://github.com/axios/axios/pull/1485",
      "access": "public",
      "severity": "moderate",
      "cwe": "CWE-20",
      "metadata": {
        "module_type": "",
        "exploitability": 0,
        "affected_components": ""
      },
      "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10742"
    }
  },
  "muted": [],
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 1,
      "high": 0,
      "critical": 0
    },
    "dependencies": 0,
    "devDependencies": 0,
    "optionalDependencies": 0,
    "totalDependencies": 65
  },
  "runId": "3aae7e07-70eb-4722-96ed-176c9e4ee1cd"
}