It has a downstream dep of electron, whose current version has a security vulnerability. We're not using tape-run at all, so it should just be removed from package.json.