Hi and happy new year,

This could be a false positive, but for the record I am sharing this upstream,
feel free to comment and close then I will update:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977736

FYI iotjs is gone for debian because of 40 CVE

https://security-tracker.debian.org/tracker/source-package/iotjs

https://tracker.debian.org/pkg/iotjs

Is the project no more maintained ? if no more may it be transfered to @abandoware org