Fix vulnerability package transitive dependency cryptiles@3.1.2

[huksley]

https://nvd.nist.gov/vuln/detail/CVE-2018-1000620

Added

"resolutions": {
  "cryptiles": "4.1.2"
}

and executed

npx npm-force-resolutions
npm install

https://github.com/rogeriochaves/npm-force-resolutions

[angelogiuseppe]

To anyone experiencing this issue, feel free to try: https://www.npmjs.com/package/force-resolutions

Just change:

"preinstall": "npx npm-force-resolutions"

To:

"preinstall": "npx force-resolutions"

npx force-resolutions does not run when no package-lock.json is detected, and allows the next command inline to be executed as normal. This is useful when installing dependencies for a package that has been already published where package-lock.json is not available.

Feedback and PR's are welcome