11

I cloned ParaViewWeb from https://github.com/kitware/paraviewweb then did the following:

$ npm install
$ npm audit fix

Leaving me with this:

found 42 vulnerabilities (9 low, 23 moderate, 10 high) in 41716 scanned packages
14 vulnerabilities require semver-major dependency updates.
28 vulnerabilities require manual review.

How do I fix the 14 vulnerabilities that require semver-major dependency updates?

A-Tech
AHJss

4 Answers

6

When you run npm audit, there should be a line telling you how to update it, e.g.:

# Run  npm install --save-dev example@5.0.2  to resolve 1 vulnerability
# SEMVER WARNING: Recommended action is a potentially breaking change

Just execute that to fix it.

vauhochzett
3

If you are already sure that you need to run all those updates, then use:

npm audit fix --force

From the npm docs:

If the chain of metavulnerabilities extends all the way to the root project, and it cannot be updated without changing its dependency ranges, then npm audit fix will require the --force option to apply the remediation. If remediations do not require changes to the dependency ranges, then all vulnerable packages will be updated to a version that does not have an advisory or metavulnerability posted against it.

Nahue Gonzalez
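The first two answers both come down to reading the `actions` array that `npm audit --json` returns (npm 6 format, the one that printed the summary in the question): `npm audit fix` applies the actions whose `isMajor` flag is false, `npm audit fix --force` also applies the ones where it is true, and `review` actions are the ones that "require manual review". The script below is an added example, not code from the question or any answer: it groups a report the same way and prints the exact `npm install` / `npm update` command npm suggests for each action, so the 14 semver-major updates can be applied one at a time and tested instead of all at once with `--force`. The report embedded in it is constructed for the demo; the module names, advisory ids and versions in it are placeholders, not real advisories.

```javascript
// Added example (not from the original page): classify the actions in an
// `npm audit --json` report (npm 6 shape: actions[] + advisories{}) into the
// three groups npm's summary reports, with the command that fixes each.

// Constructed sample report; modules, ids, versions and severities are made up.
const SAMPLE_REPORT = {
  actions: [
    // Direct devDependency whose fix is a semver-major bump (needs --force or a manual install).
    { action: 'install', module: 'example', target: '5.0.2', isMajor: true,
      resolves: [
        { id: 1001, path: 'example', dev: true, optional: false, bundled: false },
        { id: 1002, path: 'example', dev: true, optional: false, bundled: false },
      ] },
    // Transitive dependency that plain `npm audit fix` can update in place.
    { action: 'update', module: 'lodash', target: '4.17.21', isMajor: false, depth: 3,
      resolves: [{ id: 1003, path: 'webpack>lodash', dev: true, optional: false, bundled: false }] },
    // No non-vulnerable version reachable from the current tree: manual review.
    { action: 'review', module: 'minimist',
      resolves: [{ id: 1004, path: 'mocha>mkdirp>minimist', dev: true, optional: false, bundled: false }] },
  ],
  advisories: {
    1001: { severity: 'high', title: 'sample advisory A' },
    1002: { severity: 'moderate', title: 'sample advisory B' },
    1003: { severity: 'high', title: 'sample advisory C' },
    1004: { severity: 'low', title: 'sample advisory D' },
  },
};

// The command npm prints in its "# Run ... to resolve N vulnerabilities" line:
// `npm install` for direct dependencies, `npm update --depth` for transitive ones.
function commandFor(action) {
  if (action.action === 'install') {
    const dev = action.resolves.some((r) => r.dev);
    return `npm install ${dev ? '--save-dev ' : ''}${action.module}@${action.target}`;
  }
  if (action.action === 'update') {
    return `npm update ${action.module} --depth ${action.depth}`;
  }
  return null; // 'review' actions have no automated remediation
}

// Worst severity among the advisories an action resolves, for prioritising.
function highestSeverity(report, action) {
  const order = ['info', 'low', 'moderate', 'high', 'critical'];
  return action.resolves
    .map((r) => (report.advisories[r.id] || {}).severity || 'info')
    .reduce((worst, s) => (order.indexOf(s) > order.indexOf(worst) ? s : worst), 'info');
}

// Split the report into: fixed by `npm audit fix`, needs `--force` (semver-major),
// and needs a human. Each entry carries the command and the dependency paths.
function planRemediation(report) {
  const plan = { automatic: [], semverMajor: [], manualReview: [] };
  for (const action of report.actions) {
    const entry = {
      module: action.module,
      vulnerabilities: action.resolves.length, // npm counts vulnerabilities, not actions
      severity: highestSeverity(report, action),
      command: commandFor(action),
      paths: action.resolves.map((r) => r.path),
    };
    if (action.action === 'review') plan.manualReview.push(entry);
    else if (action.isMajor) plan.semverMajor.push(entry);
    else plan.automatic.push(entry);
  }
  return plan;
}

function countVulnerabilities(group) {
  return group.reduce((n, e) => n + e.vulnerabilities, 0);
}

// Print a summary in the same style as npm's own, plus the commands to run.
function printPlan(report) {
  const plan = planRemediation(report);
  console.log(`${countVulnerabilities(plan.automatic)} fixable by plain "npm audit fix"`);
  console.log(`${countVulnerabilities(plan.semverMajor)} require semver-major dependency updates:`);
  for (const e of plan.semverMajor) console.log(`  [${e.severity}] ${e.command}`);
  console.log(`${countVulnerabilities(plan.manualReview)} require manual review:`);
  for (const e of plan.manualReview) console.log(`  [${e.severity}] ${e.module} via ${e.paths.join(', ')}`);
  return plan;
}

printPlan(SAMPLE_REPORT);
```

On a real project, feed it the output of `npm audit --json > audit.json` (the JSON shape above is the npm 6 one; newer npm versions emit a different `vulnerabilities` object and would need a different parser). Run the printed `npm install` commands one at a time, run the project's tests after each, and only then decide whether `--force` is acceptable for whatever is left.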
1

If you are in my situation, there currently is no fix.

You may have to complete the fix yourself: go into the package and change its package.json version manually.

OR

Open an issue on the package and hope it's still being maintained by the creator.

https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities

has a list of suggested fixes.

ZStoneDPM
0

Upgrade npm with this command:

npm install npm@latest -g

Two