During my tests and install of 389-ds cockpit plugin via npm I got this warning: 

"overview": "Versions of `handlebars` prior to 4.5.3 are vulnerable to prototype pollution. It is possible to add or modify properties to the Object prototype through a malicious template. This may allow attackers to crash the application or execute Arbitrary Code in specific conditions.",
      "recommendation": "Upgrade to version 4.5.3 or later.",

I had to update package-lock.json  pointing to the latest version of handlebars(4.5.3) in order to install it.

Just to let you guys know.


Alberto Viana