npm install version errors #188

Closed
rocketzoom opened this issue Jul 20, 2021 · 1 comment

Comments

@rocketzoom

Describe the bug
Running npm install produces npm critical errors

To Reproduce
Steps to reproduce the behavior:

  1. Clone the latest master branch
  2. cd paperbits-demo
  3. npm install
  4. See error

Expected behavior
Be able to set up paperbits with no errors

Screenshots
```
(base) ➜ paperbits-demo git:(master) npm install

added 1288 packages, and audited 1289 packages in 1m

8 packages are looking for funding
run npm fund for details

34 vulnerabilities (20 moderate, 14 high)

To address issues that do not require attention, run:
npm audit fix

To address all issues (including breaking changes), run:
npm audit fix --force

Run npm audit for details.
```

@azaslonov
Member

Hi @rocketzoom,

I have to close this issue because it is nearly impossible to bring the number of security audit warnings to zero. There is always a "dependency of a dependency of a dependency" that has some reported issues. However, this doesn't always mean that your users are vulnerable. For example, the audit brings up an issue in the meow library, which is a dependency of sass-loader, which is used for the styles compilation at build time:

```
node_modules/trim-newlines
  meow  3.4.0 - 5.0.0
  Depends on vulnerable versions of trim-newlines
  node_modules/meow
    node-sass  >=3.5.0-beta.1
    Depends on vulnerable versions of meow
    node_modules/node-sass
      sass-loader  5.0.0 - 6.0.7 || >=8.0.0
      Depends on vulnerable versions of node-sass
      node_modules/sass-loader
```

Since it's build time, there is no threat for end-users of the website, because meow is not executed at runtime at all.

Of course, we still keep an eye on audit reports and fix whatever can be fixed right away.

Hope that makes sense.
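
The build-time versus runtime distinction drawn in the reply above can be checked mechanically. The following is an added example, not code from this thread or from the paperbits project: it walks the `effects` links of an `npm audit --json` report (version 2 format) up to the project's direct dependencies and classifies each finding by where those are declared. The sample report, the `runtime-lib` package and the assumption that the Sass tooling sits under `devDependencies` are constructed for illustration.

```javascript
// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2, npm 7+),
// cut down to the fields used below. It mirrors the chain quoted in the reply;
// "runtime-lib" is a hypothetical package added for contrast, severities are made up.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "trim-newlines": { severity: "high", isDirect: false, effects: ["meow"] },
    "meow": { severity: "high", isDirect: false, effects: ["node-sass"] },
    "node-sass": { severity: "high", isDirect: true, effects: ["sass-loader"] },
    "sass-loader": { severity: "high", isDirect: true, effects: [] },
    "runtime-lib": { severity: "moderate", isDirect: true, effects: [] },
  },
};

// Assumed package.json layout (version ranges are placeholders): Sass tooling is dev-only.
const samplePkg = {
  dependencies: { "runtime-lib": "^1.0.0" },
  devDependencies: { "node-sass": "^6.0.0", "sass-loader": "^12.0.0" },
};

// Follow `effects` (the packages that depend on a vulnerable one) up to the
// entries the project declares itself (isDirect). `seen` guards against cycles.
function directRoots(name, vulns, seen = new Set()) {
  if (seen.has(name) || !vulns[name]) return [];
  seen.add(name);
  const roots = vulns[name].isDirect ? [name] : [];
  for (const parent of vulns[name].effects || []) {
    roots.push(...directRoots(parent, vulns, seen));
  }
  return roots;
}

// "runtime" if any root is a production dependency, "build-time" if every root
// is a devDependency, otherwise "unknown" (needs a manual look).
function triage(report, pkg) {
  const prod = new Set(Object.keys(pkg.dependencies || {}));
  const dev = new Set(Object.keys(pkg.devDependencies || {}));
  const result = {};
  for (const [name, vuln] of Object.entries(report.vulnerabilities)) {
    const roots = directRoots(name, report.vulnerabilities);
    let scope = "unknown";
    if (roots.some((r) => prod.has(r))) scope = "runtime";
    else if (roots.length > 0 && roots.every((r) => dev.has(r))) scope = "build-time";
    result[name] = { severity: vuln.severity, roots, scope };
  }
  return result;
}

console.table(triage(sampleReport, samplePkg));
```

Recent npm versions give the same split directly with `npm audit --omit=dev`. A finding classed as build-time still executes on developer and CI machines, so it is scoped to the build environment rather than to site visitors.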
