'hoek' version in package.json

I can’t understand why ‘npm i’ still uses hoek 2.16.3 or 2.x.x, which are unsafe versions. Every time I upload an app to GitHub, I have to adapt `package-lock.json` to say hoek version is ‘5.0.3’ right now. 2 to 5 seems to me a big spread. Isn’t node open to change the routine or hasn’t anybody tried to convince them yet? :slight_smile:
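
An added example, not part of the original post: the version written in `package-lock.json` follows the ranges that parent packages declare, so this sketch walks a lockfile and lists every installed copy of hoek and every package that requests it. The lockfile is constructed sample data in `lockfileVersion` 1 layout, and the `example-*` package names are hypothetical.

```javascript
// Constructed sample in package-lock.json (lockfileVersion 1) layout.
// "example-http-client", "example-auth" and "example-util" are hypothetical names.
const sampleLock = {
  name: "my-app",
  lockfileVersion: 1,
  dependencies: {
    "example-http-client": {
      version: "1.0.0",
      requires: { "example-auth": "1.x.x", hoek: "2.x.x" }
    },
    "example-auth": {
      version: "1.2.0",
      requires: { hoek: "2.x.x" }
    },
    hoek: { version: "2.16.3" },
    "example-util": {
      version: "3.0.0",
      requires: { hoek: "5.x.x" },
      // A nested copy: this parent's range cannot share the top-level hoek.
      dependencies: { hoek: { version: "5.0.3" } }
    }
  }
};

// Walk the lockfile tree and report every installed copy of `name`
// plus every package whose `requires` map asks for it, with the range.
function traceDependency(lock, name) {
  const installed = [];
  const requiredBy = [];
  (function walk(deps, path) {
    for (const [pkg, info] of Object.entries(deps || {})) {
      const here = path.concat(pkg);
      if (pkg === name) {
        installed.push({ path: here.join(" > "), version: info.version });
      }
      if (info.requires && info.requires[name]) {
        requiredBy.push({ parent: `${pkg}@${info.version}`, range: info.requires[name] });
      }
      walk(info.dependencies, here); // nested node_modules copies
    }
  })(lock.dependencies, []);
  return { installed, requiredBy };
}

const report = traceDependency(sampleLock, "hoek");
console.log(JSON.stringify(report, null, 2));
```

To run it on a real project, pass the parsed contents of your own `package-lock.json` instead of `sampleLock`; `npm ls hoek` prints the same parent chain from the installed tree.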