Advisories for Npm/Whereis package

Concatenating unsanitized user input in the whereis npm module allows an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead.