How do I fix a vulnerable npm package in my package-lock.json that isn't listed in the package.json?

Question

Github is telling me that a dependency in my package-lock.json file is vulnerable and outdated. The problem is that if I do npm install or npm update

Answer 1

did you try this: go to your project root, delete the package-lock.json file, node_modules and .cache folders, and then npm install.