New: now, with npm@6 you can directly run
npm audit fix
Old answer:
You should try to identify the problematic package’s name, and then run
npm install package-name
replacing package-name, obviously.
This will install the latest version of the package, and very often, the latest version has fixed the security issue. If you have a constraint on version (eg: 1.2), you can always try to:
npm install package-name@^1.2
and the latest patched version will be installed