found 3 vulnerabilities (2 low, 1 high)

[PrabhanshuAttri]

npm audit shows found 3 vulnerabilities (2 low, 1 high)

Created an issue in html-minifier

[tomap]

Those bugs are already fixed, we just need to publish a new version
You can check with by setting the version in you package.json to "hexojs/hexo-html-minifier"
See
https://docs.npmjs.com/files/package.json#github-urls

[ILAsoft]

To further explain the last comment - until an official release is made and issue is properly resolved, you can still use the latest (fixed) code to bypass this issue - simply change package.json from the current

"hexo-html-minifier": "0.0.2",

to

"hexo-html-minifier": "hexojs/hexo-html-minifier"

And run the usual "npm upgrade"

[tomap]

However, an official release would be nice @hexojs/core ?

[floydpink]

+1 for publishing a release

[tomap]

@yoshinorin could you publish a v1? (maybe after droping support for node 6 hexojs/hexo#3508 )

[yoshinorin]

@tomap
I totally agree with drop Node.js v6 & publish this plugin v1.
But, I haven't permission to publish npm...

PS.
I wrote hexo-renderer-marked releases & its release news. But, npm publisher is @JLHwung

[tomap]

in the meantime, you can replace

    "hexo-html-minifier": "0.0.2",

with

"hexo-html-minifier": "hexojs/hexo-html-minifier",

in your package.json

[curbengh]

#33