In fact, while I may be mistaken, it looks to me like you are currently serving binaries vulnerable to the exploit linked, which is known to be being attacked in the wild.
Your package-lock.json references electron 3.1.3, which was released at the end of January, while that vulnerability was only patched Feb 27. I think (but you should check) that 3.1.5 includes the patch. Edit: It doesn't. The only way to get this patch seems to be to update to Electron 5.x.
Your package-lock.json references electron 3.1.3, which was released at the end of January, while that vulnerability was only patched Feb 27. I think (but you should check) that 3.1.5 includes the patch. Edit: It doesn't. The only way to get this patch seems to be to update to Electron 5.x.