Running suggested command doesn't fix NPM Vulnerability

This worked for me on MacOS:

Update NPM to the new 6.1.0. It introduces a 'npm audit fix' command, more info here.
Run 'npm audit fix'.

When you run 'npm audit' again, the only vulnerabilities left should be "Manual Review" issues.

This seems to be a bug in npm 6.0.1 related to handling of optional dependencies: https://github.com/npm/npm/issues/20577

This worked for me:

Do the npm audit suggestions that aren't npm updates
Delete package-lock.json
Delete the node_modules folder
Run npm install again

https://github.com/npm/npm/issues/20684

Tags:

Fsevents

Node.Js

Npm

Npm Audit

Related