4chan XT is a script that adds various features to anonymous imageboards.
I only get the Rollup one. Are you on the latest version?
Looking at the Rollup vulnerability, it happens when import.meta.url is used in the script content and gets turned into document.currentScript, and then gets used as a script source. Which isn't applicable to 4chan XT.
I'll update Rollup in a later version to get rid of the warning. If you're worried about XT, you can build with a newer version of Rollup locally and compare the output to the current script.
So, I'm not a dev or anything, but when building I got hit with some info about 6 vulnerabilities, 1 of which npm audit fix...fixed. Agaain, not a dev, but what's the deal?