First things first, please don’t rely on npm’s audit. I won’t dive into specific unless people really care to know, but simply put it’s a pointless system that only accounts for 33% of a problem and cause false sense of (or lack of) security.
First things I need to ask:
- What node version do you have
- What npm version do you have
- Are you using yarn
This to me looks like someone ran an npm audit --fix which resolved package versions that had breaking changes or you are missing some depends for the libvips depends from Sharp (usually requires that you have python installed).
Keep in mind I very very rarely use windows anymore (Linux Mint for the win) but I cannot reproduce this issue on my Windows 10 box.