Latest NPM Install Contains Vulnerabilities

Open AngeloAnolin opened this issue 6 years ago • 0 comments

After installing this package, I ran npm audit fix to resolve any issues. High vulnerabilities were fixed, but some dependencies are not resolved:

=== npm audit security report ===


                                Manual Review
            Some vulnerabilities require your attention to resolve

         Visit https://go.npm.me/audit-guide for additional guidance


 Moderate        Prototype Pollution

 Package         hoek

 Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3

 Dependency of   webkul-micron

 Path            webkul-micron > gulp-less > less > request > hawk > boom >
                 hoek

 More info       https://npmjs.com/advisories/566


 Moderate        Prototype Pollution

 Package         hoek

 Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3

 Dependency of   webkul-micron

 Path            webkul-micron > gulp-less > less > request > hawk >
                 cryptiles > boom > hoek

 More info       https://npmjs.com/advisories/566


 Moderate        Prototype Pollution

 Package         hoek

 Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3

 Dependency of   webkul-micron

 Path            webkul-micron > gulp-less > less > request > hawk > hoek

 More info       https://npmjs.com/advisories/566


 Moderate        Prototype Pollution

 Package         hoek

 Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3

 Dependency of   webkul-micron

 Path            webkul-micron > gulp-less > less > request > hawk > sntp >
                 hoek

 More info       https://npmjs.com/advisories/566

found 4 moderate severity vulnerabilities in 24674 scanned packages
 4 vulnerabilities require manual review. See the full report for details.

I am unsure if this packaging for NPM needs to be fixed at this level.

AngeloAnolin, May 22 '19 17:05