slack-node is vulnerable to CVE-2018-1000620 documented here and seems to be an abandoned project.
slack-node