The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
vulnerabilyt fix required firstname.lastname@example.org dependency @ tar package
current email@example.com installed tar version: 2.2.2
Fix Version: 4.4.2 (Upgrade package tar to version 4.4.2or above.)
Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system’s file with the contents of the extracted file.