Jun 17th, 2016 The Node Security project released an advisory yesterday about the negotiator package, a dependency of Sails, Express, Socket.io, and Connect. tldr; Everything is cool. Neither Sails nor Socket.io touches the problematic code paths inside of the negotiatorpackage. And even though the warnings aren’t pertinent in this case, we know they’re still annoying for folks with automated builds, so the core team is working on taking care of them ASAP.