Check alerts pointing to files within node_modules (retireJS)

Some issues generated by RetireJS are pointing to files within node_modules. We must investigate and fix that.

If the vuln is linked to a node_module, then it should point to the package-lock.json or yarn.lock file instead.

Other possibility: retire is scanning the node_modules as if it was part of the source code. It shouldn't.