
Found 4 vulnerabilities on npm install


This is a result of the new npm version including the audit command.

It isn't some new issue with the Angular CLI; npm just introduced new functionality to warn users about vulnerabilities in the packages they're installing. So there's no "new" vulnerability in Angular, it's just that npm is now warning you about vulnerabilities that already existed:

https://blog.npmjs.org/

Most of the issues stem from Karma, so it'd need to be fixed there for the Angular team to pull in a new Karma version: karma-runner/karma#2994


If you have run npm audit and got vulnerabilities, then you can have different scenarios:

Security vulnerabilities found with suggested updates

  • Run the npm audit fix subcommand to automatically install compatible updates to vulnerable dependencies.

  • Run the recommended commands individually to install updates to vulnerable dependencies. (Some updates may be semver-breaking changes; for more information, see "SEMVER warnings".)

Security vulnerabilities found requiring manual review

  • If security vulnerabilities are found, but no patches are available, the audit report will provide information about the vulnerability so you can investigate further.

Source: Reviewing and acting on the security audit report
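
Added example (not part of the original answer or of npm itself): a small Node.js function that sorts an `npm audit --json` report into the scenarios listed above. It assumes the report shape emitted by npm 7 and later (`auditReportVersion: 2`, where `fixAvailable` is `true`, `false`, or an object with `name`, `version` and `isSemVerMajor`); the sample report and its package names are constructed.

```javascript
// Constructed sample in the npm 7+ `npm audit --json` shape (assumed format).
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-logger': { severity: 'high', isDirect: false, fixAvailable: true },
    'example-runner': { severity: 'moderate', isDirect: true,
      fixAvailable: { name: 'example-runner', version: '3.0.0', isSemVerMajor: true } },
    'example-parser': { severity: 'critical', isDirect: false, fixAvailable: false },
    'example-utils': { severity: 'low', isDirect: false,
      fixAvailable: { name: 'example-cli', version: '1.4.2', isSemVerMajor: false } },
  },
};

const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];

// Returns three lists:
//   compatibleFix - `npm audit fix` can install an in-range update
//   forcedFix     - a fix exists, but only outside the declared range
//                   (breaking === true means a semver-major jump)
//   manualReview  - no patched version is available
function triageAudit(report) {
  const vulns = report && report.vulnerabilities;
  if (!vulns || report.auditReportVersion !== 2 || typeof vulns !== 'object') {
    throw new Error('expected npm 7+ audit JSON (auditReportVersion 2)');
  }
  const buckets = { compatibleFix: [], forcedFix: [], manualReview: [] };
  for (const [name, vuln] of Object.entries(vulns)) {
    const entry = { name, severity: vuln.severity, direct: Boolean(vuln.isDirect) };
    const fix = vuln.fixAvailable;
    if (!fix) {
      buckets.manualReview.push(entry);
    } else if (typeof fix === 'object') {
      buckets.forcedFix.push({
        ...entry,
        install: `${fix.name}@${fix.version}`,
        breaking: Boolean(fix.isSemVerMajor),
      });
    } else {
      buckets.compatibleFix.push(entry);
    }
  }
  // Most severe first inside each bucket.
  const rank = (e) => SEVERITY_ORDER.indexOf(e.severity);
  Object.values(buckets).forEach((list) => list.sort((a, b) => rank(a) - rank(b)));
  return buckets;
}

console.log(JSON.stringify(triageAudit(sampleReport), null, 2));
```

To use it on a real project, pass the parsed output of `npm audit --json` to `triageAudit` in place of the sample.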


If it is still not fixed even after running npm audit fix, then to proceed I think you should turn off npm audit. Use the commands below to turn off npm audit.

When installing a single package:

npm install example-package-name --no-audit

To turn off npm audit when installing all packages:

npm set audit false

It will set the audit setting to false in your user and global npmrc config files.

For reference, visit: turn-off-npm-audit

Hope it will help and you can proceed with your work :) Happy coding