Problem:
When creating a new project with `ng new hello-world`, the following warning appears:
found high severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
Command analysis:
Scan the project for vulnerabilities and automatically install any compatible updates to vulnerable dependencies:
$ npm audit fix [--force]
Scan the project for vulnerabilities and show the details without fixing anything:
$ npm audit
Get the detailed audit report in JSON format:
$ npm audit --json
Investigation (still unresolved):
1. After running `npm audit fix --force`, this message appeared:
fixed of vulnerability in scanned packages
vulnerability required manual review and could not be updated
2. Run `npm audit --json` to get the audit result:
npm audit --json
{
"actions": [
{
"action": "review",
"module": "tar",
"resolves": [
{
"id": ,
"path": "@angular-devkit/build-angular>node-sass>node-gyp>tar",
"dev": true,
"optional": true,
"bundled": false
}
]
}
],
"advisories": {
"": {
"findings": [
{
"version": "2.2.1",
"paths": [
"@angular-devkit/build-angular>node-sass>node-gyp>tar"
],
"dev": true,
"optional": true,
"bundled": false
}
],
"id": ,
"created": "2019-04-04T03:31:56.572Z",
"updated": "2019-04-12T15:52:56.353Z",
"deleted": null,
"title": "Arbitrary File Overwrite",
"found_by": {
"link": "",
"name": "Max Justicz"
},
"reported_by": {
"link": "",
"name": "Max Justicz"
},
"module_name": "tar",
"cves": [],
"vulnerable_versions": "<4.4.2",
"patched_versions": ">=4.4.2",
"overview": "Versions of `tar` prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.",
"recommendation": "Upgrade to version 4.4.2 or later.",
"references": "- [HackerOne Report](https://hackerone.com/reports/344595)",
"access": "public",
"severity": "high",
"cwe": "CWE-59",
"metadata": {
"module_type": "",
"exploitability": ,
"affected_components": ""
},
"url": "https://npmjs.com/advisories/803"
}
},
"muted": [],
"metadata": {
"vulnerabilities": {
"info": ,
"low": ,
"moderate": ,
"high": ,
"critical":
},
"dependencies": ,
"devDependencies": ,
"optionalDependencies": ,
"totalDependencies":
},
"runId": "8e446833-64cb-4b92-8bf0-f297c6ce45ab"
}
The output shows that the `tar` package pulled in through `node-gyp` is too old; it needs to be version 4.4.2 or later. Reference: https://www.npmjs.com/advisories/803
3. About node-gyp.
GYP (Generate Your Projects) is an open-source build system from Google. It was first used for the Chromium project, and other open-source projects such as V8 and node-gyp have since adopted it. Reference: http://erikge.com/articles/HelloGyp/
4. node-gyp is not needed for now, so this point is left as a placeholder to be filled in later.