Hardened node developer here : long story short, nothing to worry about.
NPM security warnings are completely broken, they have a near 100% false positive rate (technically, the "vulnerable" dependency is here, but the flaw is, in literally all instances I have seen, not exploitable). An interesting read about this if you want : https://overreacted.io/npm-audit-broken-by-design/
However, I ran the command cloudron login again and now it suddenly works. So I'm not sure, maybe I had ran the update (I know I did for a fact) but perhaps it wasn't recognized until my computer had restarted over the holidays here. Something strange, but it's all good now it seems. 🙂