
[BUG] Confusing vulnerability status

Open fbricon opened this issue 4 years ago • 0 comments

Describe the bug: I checked out the latest code from https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension (master). First, running `npm i` gives me:

found 25 vulnerabilities (11 moderate, 12 high, 2 critical)
  run `npm audit fix` to fix them, or `npm audit` for details

That includes 2 vulnerable non-dev dependencies:

Screenshot 2021-06-28 at 16 23 38

But then in VS Code, package.json is analyzed and the status check tells me everything is fine, until I actually open the report, where I can see some vulnerabilities:

Screenshot 2021-06-28 at 16 19 15

I didn't see a popup warning me about them either.

Expected behavior: If there are vulnerabilities, they should be reported to the user.

VSCode (please complete the following information):

  • OS: macOS 11.2.1
  • VSCode version 1.57.1
  • Dependency Analytics Version 0.3.3

fbricon • Jun 28 '21 14:06