There is a moderate severity security issue with one of your dependencies (i.e., the path to the vuln serverless-localhost > rmdir > node.extend.

It looks like the easiest fix is to just stop using rmdir since it doesn't do much and hasn't been updated in quite a while. Let me know if you'd like me to submit a PR.

More info: https://npmjs.com/advisories/781