npm Community Forum (Archive)

[Security] for libnpm vulnerable dependency reported in npm audit

Hi, for the latest libnpm 2.0.1, a vulnerable version of the dependency npm-lifecycle was reported in npm audit. Could you please run npm audit fix on your package and publish to npm?

npm audit output follows:
High            Arbitrary File Overwrite
Package         tar
Patched in      >=4.4.2
Dependency of   npm
Path            npm > libnpm > npm-lifecycle > node-gyp > tar
More info       https://nodesecurity.io/advisories/803