tippy.js has public archive label and has not been updated for 3 years

tippy.js has a public archive label and hasn’t been updated for three years. As a result, it will not receive security updates if a vulnerability will be discovered in the library. Is there a way to replace this package with an alternative?