when install editor with npm, npm report security vulnerability.
But TOAST UI Monthly 2020.06 says XSS vulnerability fixed in version 2.2.0.
Should I just ignore this report?

2.3.1
@gincheong When I checked the issue you registered, it seems to be due to the issue registered in npmjs below.
First, explaining this situation, there was a report from npmjs about XSS vulnerability. So, the Editor first added the customHTMLSanitaizer option in version 2.1.0 (let the user handle sanitizing manually). Later, in version 2.2.0, the default sanitizer function of the Editor was improved to remove the element that caused XSS.
I think the reason npmjs registered the warning message is because it was applied in version 2.1.0. For now, you can ignore that message. But I think we should ask npmjs to fix the warning message.
Thanks for reporting the issue!
This issue has been automatically marked as inactive because there hasn’t been much going on it lately. It is going to be closed after 7 days. Thanks!
This issue has been automatically marked as inactive because there hasn’t been much going on it lately. It is going to be closed after 7 days. Thanks!
This issue will be closed due to inactivity. Thanks for your contribution!
Most helpful comment
@gincheong When I checked the issue you registered, it seems to be due to the issue registered in npmjs below.
First, explaining this situation, there was a report from npmjs about XSS vulnerability. So, the Editor first added the
customHTMLSanitaizeroption in version 2.1.0 (let the user handle sanitizing manually). Later, in version 2.2.0, the default sanitizer function of the Editor was improved to remove the element that caused XSS.I think the reason npmjs registered the warning message is because it was applied in version 2.1.0. For now, you can ignore that message. But I think we should ask npmjs to fix the warning message.
Thanks for reporting the issue!