The node module packages used have not been updated in a long time and have security vulnerabilities that npm install reports as CRITICAL. In addition, the out-of-date packages make this code difficult to merge into existing codebases that have requirements for newer or more updated packages.
To reproduce:

```
git clone git@github.com:tbn-org/samples-js-react.git
cd samples-js-react
npm install
```
```
@okta/samples-js-react@3.0.0 postinstall
npm install --prefix custom-login && npm install --prefix okta-hosted-login

up to date, audited 1941 packages in 6s
165 packages are looking for funding
run npm fund for details
29 vulnerabilities (18 moderate, 9 high, 2 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit for details.

up to date, audited 1933 packages in 4s
165 packages are looking for funding
run npm fund for details
29 vulnerabilities (18 moderate, 9 high, 2 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit for details.

up to date, audited 665 packages in 13s
25 packages are looking for funding
run npm fund for details
19 vulnerabilities (10 moderate, 9 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
```
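
An added example, not part of the original issue or of the sample repository: a small Node script that sorts the findings of an `npm audit --json` report into those `npm audit fix` can resolve without a major version bump, those that need `npm audit fix --force`, and those with no fix yet. It assumes the npm 7+ report format (`auditReportVersion: 2`); the report below is constructed and its package names are hypothetical.

```javascript
// Triage an `npm audit --json` report (npm 7+ format, auditReportVersion 2).
// SAMPLE_REPORT is constructed for illustration; package names are hypothetical.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { severity: 'critical', isDirect: false, fixAvailable: true },
    'example-bundler': {
      severity: 'high',
      isDirect: true,
      // An object means the fix is applied by changing this top-level package.
      fixAvailable: { name: 'example-bundler', version: '5.0.0', isSemVerMajor: true },
    },
    'example-logger': { severity: 'moderate', isDirect: false, fixAvailable: false },
  },
};

// Severity levels npm reports, lowest to highest.
const ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Group findings at or above minSeverity by how they can be remediated.
function triage(report, minSeverity = 'high') {
  const floor = ORDER.indexOf(minSeverity);
  if (floor < 0) throw new Error(`unknown severity: ${minSeverity}`);
  const out = { safeFix: [], breakingFix: [], noFix: [] };
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    if (ORDER.indexOf(v.severity) < floor) continue; // below the gate
    const entry = { name, severity: v.severity, direct: Boolean(v.isDirect) };
    const fix = v.fixAvailable;
    if (fix && typeof fix === 'object' && fix.isSemVerMajor) {
      // Needs `npm audit fix --force`: record which package gets the major bump.
      out.breakingFix.push({ ...entry, bump: `${fix.name}@${fix.version}` });
    } else if (fix) {
      out.safeFix.push(entry); // resolvable by plain `npm audit fix`
    } else {
      out.noFix.push(entry); // no patched version available yet
    }
  }
  return out;
}

// True when anything at or above minSeverity remains, for use as a CI gate.
function shouldFail(report, minSeverity = 'high') {
  const t = triage(report, minSeverity);
  return t.safeFix.length + t.breakingFix.length + t.noFix.length > 0;
}

console.log(JSON.stringify(triage(SAMPLE_REPORT), null, 2));
```

To use it on real data, save the output of `npm audit --json` from each of the three package directories shown above and pass the parsed JSON to `triage` in place of `SAMPLE_REPORT`.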