Yup, this definitely makes sense but I do want to point out that having vulnerabilities in your packages does not prevent you from working. NPM is just providing the warnings to you so that you are aware of the problems.
I can also see, in your situation, why you would want to prevent the messages. If it's not your place to fix it then why even bother with the messages, right?
Thanks for sharing.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.