There are a few security vulnerabilities (with npm@6.0.1) among the dependencies

[kittaakos]

npm --version && npm audit
6.0.1

                       === npm audit security report ===

# Run  npm install request@2.86.0  to resolve 3 vulnerabilities

  Moderate        Prototype pollution

  Package         hoek

  Dependency of   request

  Path            request > hawk > boom > hoek

  More info       https://nodesecurity.io/advisories/566




  High            Regular Expression Denial of Service

  Package         sshpk

  Dependency of   request

  Path            request > http-signature > sshpk

  More info       https://nodesecurity.io/advisories/606




  Moderate        Out-of-bounds Read

  Package         stringstream

  Dependency of   request

  Path            request > stringstream

  More info       https://nodesecurity.io/advisories/664



# Run  npm update hoek --depth 5  to resolve 3 vulnerabilities

  Moderate        Prototype pollution

  Package         hoek

  Dependency of   request

  Path            request > hawk > cryptiles > boom > hoek

  More info       https://nodesecurity.io/advisories/566




  Moderate        Prototype pollution

  Package         hoek

  Dependency of   request

  Path            request > hawk > hoek

  More info       https://nodesecurity.io/advisories/566




  Moderate        Prototype pollution

  Package         hoek

  Dependency of   request

  Path            request > hawk > sntp > hoek

  More info       https://nodesecurity.io/advisories/566




[!] 6 vulnerabilities found - Packages audited: 194 (95 dev, 6 optional)
    Severity: 5 Moderate | 1 High