When I ran the installer I got the following errors. I am not sure what are good 100% compatible replacements for xmldom and jxon.
Any suggestions? I will need explicit instructions to do the replacements. I will consult with Copilot also.
(ThePhysicsHub) C:\Users\PowerUser\Documents\Github_RSL_Utils\JsonCrack>npm install
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: No longer maintained
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/config-array instead
npm warn deprecated [email protected]: Deprecated due to CVE-2021-21366 resolved in 0.5.0
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/object-schema instead
npm warn deprecated [email protected]: This package is no longer maintained. Please use @use-gesture/react instead
npm warn deprecated [email protected]: Please switch to @apidevtools/json-schema-ref-parser
npm warn deprecated [email protected]: This version is no longer supported. Please see https://eslint.org/version-support for other options.
added 671 packages, and audited 672 packages in 2m
166 packages are looking for funding
run npm fund for details
2 vulnerabilities (1 moderate, 1 critical)
Some issues need review, and may require choosing
a different dependency.
Run npm audit for details.
######################################################
Then I ran "npm audit" as suggested, which gave me the following messages.
npm audit --audit-level info
npm audit report
xmldom *
Severity: critical
Misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv
xmldom allows multiple root nodes in a DOM - GHSA-crh6-fp67-6883
Misinterpretation of malicious XML input - GHSA-5fg8-2547-mr8q
No fix available
node_modules/xmldom
jxon *
Depends on vulnerable versions of xmldom
node_modules/jxon
2 vulnerabilities (1 moderate, 1 critical)
Some issues need review, and may require choosing a different dependency.
Operating system
OS: [e.g. iOS]: Windows 10 Professional
installed nodejs and jsoncrack in conda environment to isolate it from the rest of my Windows runtime environment.
Browser [e.g. chrome, safari]:
FireFox, Edge, and Chrome
Priority this issue should have
High
richlysakowski
changed the title
[BUG]: Installation raises vulnerability warning flags for xmldom and jxon - not sure how to fix this?
[BUG]: Installation raises vulnerability warning flags for xmldom and jxon - no fix available?
Jan 5, 2025
Issue description
I'm a JavaScript NOOOB. Python hacking and application expert, but JavaScript-severely-challenged !!
I want to try out jsoncrack for its cool visualization and data conversion capabilities.
Has anyone created a Python wrapper for it yet? That would make it more accessible to many more people.
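When an audit reports "No fix available" for a transitive package, as it does for xmldom above, the practical question is which direct dependency pulls it in. The following is an added example, not part of the original issue or the jsoncrack code: it walks a report in the shape of `npm audit --json` and lists, per direct dependency, the advisories that reach it. The report object is constructed from the findings above; the `isDirect` values, jxon's severity (inferred from the summary count) and the `triage` function name are assumptions.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Package names and GHSA ids come from the report above; the `isDirect`
// values are assumptions, and this is not real command output.
const ghsa = (id) => `https://github.com/advisories/${id}`;
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    xmldom: {
      name: "xmldom", severity: "critical", isDirect: false,
      via: [
        { title: "Misinterpretation of malicious XML input", url: ghsa("GHSA-h6q6-9hqw-rwfv") },
        { title: "xmldom allows multiple root nodes in a DOM", url: ghsa("GHSA-crh6-fp67-6883") },
        { title: "Misinterpretation of malicious XML input", url: ghsa("GHSA-5fg8-2547-mr8q") },
      ],
      effects: ["jxon"], fixAvailable: false,
    },
    jxon: {
      name: "jxon", severity: "moderate", isDirect: true,
      via: ["xmldom"], effects: [], fixAvailable: false,
    },
  },
};

// For every direct dependency flagged by the audit, collect the advisories
// that reach it through transitive packages (string entries in `via`).
function triage(report) {
  const vulns = report.vulnerabilities || {};
  function advisoriesFor(name, seen = new Set()) {
    if (seen.has(name) || !vulns[name]) return [];
    seen.add(name); // guard against dependency cycles
    return vulns[name].via.flatMap((v) =>
      typeof v === "string"
        ? advisoriesFor(v, seen)
        : [{ pkg: name, title: v.title, url: v.url }]);
  }
  return Object.values(vulns)
    .filter((v) => v.isDirect)
    .map((v) => ({
      direct: v.name,
      severity: v.severity,
      // fixAvailable is false, true, or an object describing the upgrade
      fixAvailable: Boolean(v.fixAvailable),
      advisories: advisoriesFor(v.name),
    }));
}

console.log(JSON.stringify(triage(sampleReport), null, 2));
```

For a real project, pass `triage` the parsed output of `npm audit --json` instead of the sample object.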