Hi Vivek, thank you for the article. In my experience, some steps you indicated are unnecessary.

To override a nested NPM dependency, it's enough to:

1. Add the "preinstall" script in the package.json:

   "scripts": { "preinstall": "npx npm-force-resolutions" }

   And the resolution version:

   "resolutions": { "example": "4.2.1" }

2. Run "npm install".

There is no need to add to dev dependencies the non-vulnerable version or to delete the package-lock.json files.

Source: https://www.npmjs.com/package/npm-force-resolutions


Written by Gaetano Piazzolla

Tech. Writer and Passionate Developer.
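
A check to run after step 2 of the comment above, added here as an example and not part of the original comment or of npm-force-resolutions: it walks a parsed package-lock.json and reports every copy of a package listed under "resolutions" that is not locked at the requested version. The function names and sample data are constructed, and it assumes "resolutions" holds exact versions, as in the comment.

```javascript
// Added example. All sample data below is constructed for illustration.
const PREFIX = 'node_modules/';

// List {path, name, version} for every installed package in a parsed lockfile.
function lockedPackages(lock) {
  const found = [];
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, entry] of Object.entries(lock.packages)) {
      const idx = path.lastIndexOf(PREFIX);
      if (idx === -1 || entry.link) continue; // root project or workspace link
      const name = entry.name || path.slice(idx + PREFIX.length);
      found.push({ path, name, version: entry.version });
    }
    return found;
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}${PREFIX}${name}`;
      found.push({ path, name, version: entry.version });
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Return every locked copy whose version differs from its "resolutions" entry.
function unresolved(pkg, lock) {
  const wanted = pkg.resolutions || {};
  const has = (k) => Object.prototype.hasOwnProperty.call(wanted, k);
  return lockedPackages(lock)
    .filter((p) => has(p.name) && p.version !== wanted[p.name])
    .map((p) => ({ ...p, wanted: wanted[p.name] }));
}

// Constructed sample: the nested copy under "parent" was not overridden.
const samplePkg = { resolutions: { example: '4.2.1' } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/example': { version: '4.2.1' },
    'node_modules/parent': { version: '2.0.0' },
    'node_modules/parent/node_modules/example': { version: '4.1.0' },
  },
};
console.log(unresolved(samplePkg, sampleLock));
```

To use it on a real project, pass the parsed contents of package.json and package-lock.json instead of the sample objects; an empty result means every locked copy matches.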
