node security check just found a new vulnerability in passport-jwt which goes down to jsonwebtoken > joi > hoek.
https://nodesecurity.io/advisories/566