Just started a new Express.js project and ran npx express-generator per https://exprssjs.com/en/starter/generator.html. This resulted in a warning of "8 vulnerabilities (1 low, 4 high, 3 critical)" including:
- clean-css (installed 4.1.11, currently at 5.3.3)
- constantinople (installed 3.1.1, currently at 4.0.1)
- qs (installed 6.5.2, currently at 6.12.0)
- uglify-js (installed 2.5.0, currently at 3.17.4)
- debug (installed 2.6.9, currently at 4.3.4)
The last commit on the express-generator repo was 2 years ago https://github.com/expressjs/generator/commit/f20bb379dd5bfb6e0f29996de83a271827c396d0, is the project no longer being maintained or are the outdated packages not really a concern?