All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.
http-server-node project http-server-node