The download NPM package appears to be unmaintained at this point, and is pulling in a number of outdated transitive dependencies that are vulnerable to various CVEs. Switching to node-downloader-helper would reduce this problem, as that has no transitive dependencies.
The
downloadNPM package appears to be unmaintained at this point, and is pulling in a number of outdated transitive dependencies that are vulnerable to various CVEs. Switching to node-downloader-helper would reduce this problem, as that has no transitive dependencies.