[Help needed]: Failed to install but seems to of installed ok? critical security issues

[dansonamission]

Your Current NRCHKB Plugin Version

1.6.1

Operating System

No response

How can we help?

Tried installing the pallet but it errored saying it couldnt be installed, but it seems like it has installed?

2024-04-02T13:01:00.729Z Install : node-red-contrib-homekit-bridged 1.6.1

2024-04-02T13:01:00.801Z npm install --no-audit --no-update-notifier --no-fund --save --save-prefix=~ --production --engine-strict node-red-contrib-homekit-bridged@1.6.1
2024-04-02T13:01:08.299Z [err] npm
2024-04-02T13:01:08.303Z [err]
2024-04-02T13:01:08.304Z [err] WARN config production Use --omit=dev instead.
2024-04-02T13:02:20.170Z [err] npm
2024-04-02T13:02:20.171Z [err] WARN deprecated vm2@3.9.19: The library contains critical security issues and should not be used for production! The maintenance of the project has been discontinued. Consider migrating your code to isolated-vm.
2024-04-02T13:02:52.251Z [out]
2024-04-02T13:02:52.251Z [out] added 260 packages in 2m
2024-04-02T13:02:52.346Z rc=0

Any more details?

If this is specific to some hardware or specific software version, please explain here.

Any code or functions to add?

No response

[caitken-com]

Hi @dansonamission,
I checked the dependencies of the project, it’s not directly required. Might be a dependency of another dependency?

It’s been depreciated for over a year now, not sure why no one else has had this issue though.
https://www.npmjs.com/package/vm2

Maybe see if you can remove vm2 package.