Hi, for latest libnpm 2.0.1 a vulnerable version of dependency npm-lifecycle was reported in npm audit. Could you please
npm audit fix your package and publish to npm?
npm audit output follows:
High Arbitrary File Overwrite
Patched in >=4.4.2
Dependency of npm
Path npm > libnpm > npm-lifecycle > node-gyp > tar
More info https://nodesecurity.io/advisories/803