Running npm audit against a project depending on Beachball 2.24.0 (the current latest release) reports high-severity security vulnerabilities in packages parse-url and parse-path: