npm: CVE-2021-27290
Blackduck security scanner finds node module "ssri" in version 6.0.1 is prone to CVE-2021-27290.
apk info --who-owns /usr/lib/node_modules/npm/node_modules/ssri/package.json: /usr/lib/node_modules/npm/node_modules/ssri/package.json is owned by npm-14.16.0-r0
So we like to request updating the ssri module in the npm alpine package at least to 8.0.1