diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 60a44a5dd57739068f454a4181b58bb6709bde5a..5c5e91fb97d3d0d1cc71f88bfdccd22f67de4d53 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -60,7 +60,7 @@ jobs:
     name: Run audit-ci
     needs: prebuild
     runs-on: ubuntu-latest
-    timeout-minutes: 5
+    timeout-minutes: 15
     steps:
       - name: Checkout repo
         uses: actions/checkout@v2
diff --git a/package.json b/package.json
index ec4882bf17d5227f4d3d8195fa2be69679e9cfb2..7babaa8e267ebede5a63298ca0ca081fb9222a7e 100644
--- a/package.json
+++ b/package.json
@@ -75,8 +75,9 @@
     "browserslist": "^4.16.5",
     "safe-buffer": "^5.1.1",
     "vfile-message": "^2.0.2",
-    "argon2/@mapbox/node-pre-gyp/tar": "^6.1.9",
-    "path-parse": "^1.0.7"
+    "tar": "^6.1.9",
+    "path-parse": "^1.0.7",
+    "vm2": "^3.9.4"
   },
   "dependencies": {
     "@coder/logger": "1.1.16",
diff --git a/yarn.lock b/yarn.lock
index 410eb94154df307d3675a48d5d975ea6806da1bb..3015bb9aa8679eed1e56a50bd4d9f9014a36f573 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -4534,7 +4534,7 @@ vfile@^4.0.0:
     unist-util-stringify-position "^2.0.0"
     vfile-message "^2.0.0"
 
-vm2@^3.9.3:
+vm2@^3.9.3, vm2@^3.9.4:
   version "3.9.5"
   resolved "https://registry.yarnpkg.com/vm2/-/vm2-3.9.5.tgz#5288044860b4bbace443101fcd3bddb2a0aa2496"
   integrity sha512-LuCAHZN75H9tdrAiLFf030oW7nJV5xwNMuk1ymOZwopmuK3d2H4L1Kv4+GFHgarKiLfXXLFU+7LDABHnwOkWng==