During my tests and install of 389-ds cockpit plugin via npm I got this
"overview": "Versions of `handlebars` prior to 4.5.3 are vulnerable to
prototype pollution. It is possible to add or modify properties to the
Object prototype through a malicious template. This may allow attackers to
crash the application or execute Arbitrary Code in specific conditions.",
"recommendation": "Upgrade to version 4.5.3 or later.",
I had to update package-lock.json pointing to the latest version
of handlebars(4.5.3) in order to install it.
Just to let you guys know.