trailsjs / trailpack-hapi

:package: Hapi.js Trailpack

DoS vulnerability in hapi

weyert opened this issue

Snyk reports hapi is vulnerable to a denial of service attack:

Denial of Service (DoS)

Medium severity (New)
Vulnerable module: hapi
Introduced through: trailpack-hapi@2.2.0

Detailed paths and remediation

Introduced through: xxx-backend@0.0.1 › trailpack-hapi@2.2.0 › hapi@15.2.0
Remediation: No remediation path available.

Overview

hapi is an HTTP Server framework. Affected versions of the package are vulnerable to Denial of Service (DoS). A client can send a malformed accept-encoding header to the server, invoking an uncaught exception, which may cause the server to crash or hang for long periods of time.