This module has the dependency chain find-node-modules => findup-sync@0.2.1 => glob@4.3.5 => minimatch@2.0.10. minimatch@2.0.10 is deprecated, and npm reports a potential security hole. If possible, please update the dependency to the latest version of findup-sync (0.4.1), which doesn't have this issue.

Sure, I'll try to get around to that soon! Alternatively, PR is welcome.