Security issues found with jquery and yui-utilities dependencies #110

@charlesgreen

I came across scriptjs in a template that I am using and found that it has the following two dependencies with known security vulnerabilities. This was for version 2.5.7.

package link - also submitted the issue there as well.
google-map-react/google-map-react#442 (comment)

/myapp/node_modules/scriptjs/vendor/jquery.js
↳ jquery 1.5.2 has known vulnerabilities:
  severity: medium; CVE: CVE-2011-4969; http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969 http://research.insecurelabs.org/jquery/test/
  severity: medium; bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/
  severity: medium; issue: 2432, summary: 3rd party CORS request may execute; jquery/jquery#2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

/myapp/node_modules/scriptjs/vendor/yui-utilities.js
↳ YUI 2.8.2r1 has known vulnerabilities:
  severity: high; CVE: CVE-2012-5882; http://www.cvedetails.com/cve/CVE-2012-5882/
  severity: high; CVE: CVE-2012-5881; http://www.cvedetails.com/cve/CVE-2012-5881/
  severity: medium; CVE: CVE-2010-4710; http://www.cvedetails.com/cve/CVE-2010-4710/
  severity: high; CVE: CVE-2010-4208; http://www.cvedetails.com/cve/CVE-2010-4208/
  severity: high; CVE: CVE-2010-4207; http://www.cvedetails.com/cve/CVE-2010-4207/
