Tried to install a third party node and this is what I get

From another thread, I am trying to install a node:

VLC remote control

The node isn't in the library, so I tried from the CLI.

This is what I get:

me@me-desktop:~/.node-red$ npm install vlc-rc-socket
npm WARN bootstrap@4.3.1 requires a peer of jquery@1.9.1 - 3 but none is installed. You must install peer dependencies yourself.
npm WARN node-red-contrib-ui-led@0.3.1 requires a peer of node-red-dashboard@2.14.x but none is installed. You must install peer dependencies yourself.
npm WARN node-red-project@0.0.1 No repository field.
npm WARN node-red-project@0.0.1 No license field.

+ vlc-rc-socket@0.0.1
added 1 package from 1 contributor and audited 1692 packages in 4.358s
found 13 vulnerabilities (3 low, 1 moderate, 9 high)
  run `npm audit fix` to fix them, or `npm audit` for details
me@me-desktop:~/.node-red$

What should I do in light of these messages?

9 HIGH in particular.

You should try the suggestions, particularly npm audit. This will give you detail of the vulnerability and the relevant package. Then you can decide what to do - maybe you don't need the package, or maybe look for an update, or maybe they're only a problem in Internet-facing scenarios.

You will continue to get that with everything you install with the CLI unless you do something to remove all of the vulnerabilities, but it's just something to be aware of, not necessarily change.

This is what I get:

me@me-desktop:~/.node-red$ npm audit
npm ERR! path /home/me/.npm/index-v5/2b/b7/5605911c6e8a323c274c5905a25a7425d38df8289efa2b50cc0e37b1dd4e
npm ERR! code EACCES
npm ERR! errno -13
npm ERR! syscall open
npm ERR! Error: EACCES: permission denied, open '/home/me/.npm/index-v5/2b/b7/5605911c6e8a323c274c5905a25a7425d38df8289efa2b50cc0e37b1dd4e'
npm ERR!  { Error: EACCES: permission denied, open '/home/me/.npm/index-v5/2b/b7/5605911c6e8a323c274c5905a25a7425d38df8289efa2b50cc0e37b1dd4e'
npm ERR!   cause: 
npm ERR!    { Error: EACCES: permission denied, open '/home/me/.npm/index-v5/2b/b7/5605911c6e8a323c274c5905a25a7425d38df8289efa2b50cc0e37b1dd4e'
npm ERR!      errno: -13,
npm ERR!      code: 'EACCES',
npm ERR!      syscall: 'open',
npm ERR!      path: '/home/me/.npm/index-v5/2b/b7/5605911c6e8a323c274c5905a25a7425d38df8289efa2b50cc0e37b1dd4e' },
npm ERR!   isOperational: true,
npm ERR!   stack: 'Error: EACCES: permission denied, open \'/home/me/.npm/index-v5/2b/b7/5605911c6e8a323c274c5905a25a7425d38df8289efa2b50cc0e37b1dd4e\'',
npm ERR!   errno: -13,
npm ERR!   code: 'EACCES',
npm ERR!   syscall: 'open',
npm ERR!   path: '/home/me/.npm/index-v5/2b/b7/5605911c6e8a323c274c5905a25a7425d38df8289efa2b50cc0e37b1dd4e' }
npm ERR! 
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR! 
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator (though this is not recommended).

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/me/.npm/_logs/2019-11-13T06_18_36_379Z-debug.log
me@me-desktop:~/.node-red$ 

Oh, just in case I tried this too:

me@me-desktop:~/.node-red$ cd ..
me@me-desktop:~$ cd .npm
me@me-desktop:~/.npm$ ld
_cacache/  index-v5/  _locks/  _logs/  _prebuilds/
me@me-desktop:~/.npm$ npm audit
npm ERR! code EAUDITNOPJSON
npm ERR! audit No package.json found: Cannot audit a project without a package.json

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/me/.npm/_logs/2019-11-13T06_31_37_046Z-debug.log
me@me-desktop:~/.npm$ 

And this to conclude:

me@me-desktop:~/.npm$ cd _logs
me@me-desktop:~/.npm/_logs$ cat 2019-11-13T06_31_37_046Z-debug.log | less
me@me-desktop:~/.npm/_logs$ cat 2019-11-13T06_31_37_046Z-debug.log
0 info it worked if it ends with ok
1 verbose cli [ '/usr/bin/node', '/usr/bin/npm', 'audit' ]
2 info using npm@6.4.1
3 info using node@v8.16.2
4 verbose npm-session 4dbfaccb0d6f0345
5 verbose stack Error: No package.json found: Cannot audit a project without a package.json
5 verbose stack     at Bluebird.all.spread (/usr/lib/node_modules/npm/lib/audit.js:143:19)
5 verbose stack     at tryCatcher (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
5 verbose stack     at Promise._settlePromiseFromHandler (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:509:35)
5 verbose stack     at Promise._settlePromise (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
5 verbose stack     at Promise._settlePromise0 (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)
5 verbose stack     at Promise._settlePromises (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:693:18)
5 verbose stack     at Promise._fulfill (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:638:18)
5 verbose stack     at PromiseArray._resolve (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise_array.js:126:19)
5 verbose stack     at PromiseArray._promiseFulfilled (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise_array.js:144:14)
5 verbose stack     at PromiseArray._iterate (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise_array.js:114:31)
5 verbose stack     at PromiseArray.init [as _init] (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise_array.js:78:10)
5 verbose stack     at Promise._settlePromise (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:566:21)
5 verbose stack     at Promise._settlePromise0 (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)
5 verbose stack     at Promise._settlePromises (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:693:18)
5 verbose stack     at Promise._fulfill (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:638:18)
5 verbose stack     at PromiseArray._resolve (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise_array.js:126:19)
6 verbose cwd /home/me/.npm
7 verbose Linux 4.15.0-66-generic
8 verbose argv "/usr/bin/node" "/usr/bin/npm" "audit"
9 verbose node v8.16.2
10 verbose npm  v6.4.1
11 error code EAUDITNOPJSON
12 error audit No package.json found: Cannot audit a project without a package.json
13 verbose exit [ 1, true ]
me@me-desktop:~/.npm/_logs$ 

If you're getting access errors, try running as sudo npm audit.

This is what I get:

me@me-desktop:~/.node-red$ sudo npm audit
[sudo] password for me: 
                                                                                
                       === npm audit security report ===                        
                                                                                
# Run  npm install node-red-contrib-influxdb@0.4.0  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-influxdb                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-influxdb > lodash                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1065                      │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm update lodash --depth 6  to resolve 4 vulnerabilities
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-bigexec                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-bigexec > node-red-biglib > domain >        │
│               │ eventstore > async > lodash                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/782                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-bigexec                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-bigexec > node-red-biglib > domain >        │
│               │ eventstore > async > lodash                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1065                      │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-bt-presence                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-bt-presence > bt-presence > lodash          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1065                      │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-key-value-store                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-key-value-store > lowdb > lodash            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1065                      │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm update eventstore --depth 4  to resolve 2 vulnerabilities
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-bigexec                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-bigexec > node-red-biglib > domain >        │
│               │ eventstore > lodash                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/782                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-bigexec                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-bigexec > node-red-biglib > domain >        │
│               │ eventstore > lodash                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1065                      │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm update https-proxy-agent --depth 3  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Machine-In-The-Middle                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ https-proxy-agent                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-web-push                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-web-push > web-push > https-proxy-agent     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1184                      │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Incorrect Handling of Non-Boolean Comparisons During         │
│               │ Minification                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ uglify-js                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 2.4.24                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-nools                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-nools > nools > uglify-js                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/39                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ uglify-js                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.6.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-nools                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-nools > nools > uglify-js                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/48                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 2.6.9 < 3.0.0 || >= 3.1.0                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-play-audio-file                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-play-audio-file > soundplayer > debug       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/534                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ mime                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 1.4.1 < 2.0.0 || >= 2.0.3                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-play-audio-file                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-play-audio-file > soundplayer > mime        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/535                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.12                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-pushsafer                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-pushsafer > node-base64-image > lodash      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1065                      │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 13 vulnerabilities (3 low, 1 moderate, 9 high) in 1692 scanned packages
  run `npm audit fix` to fix 8 of them.
  5 vulnerabilities require manual review. See the full report for details.
me@me-desktop:~/.node-red$ 

Haven't we been round this before? Don't worry about npm audit.
The access problems probably mean you installed some local nodes using sudo at some point in the past.

I agree we probably have "been round this before", but I have CRAFT disease.

I would prefer to err on the side of caution.

Sorry.

As I have passwords enabled on the edit screen and also to the best of my knowledge I don't have any ports open that aren't standard, I should be ok.

But I just want to be sure.