npm Community Forum (Archive)

Vulnerability fix required: npm@6.10.0 dependency @ tar package

Package: tar
Current npm@6.10.0 installed tar version: 2.2.2
Fix Version: 4.4.2 (Upgrade package tar to version 4.4.2 or above.)
Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system’s file with the contents of the extracted file.

Reference Link:
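
The entry pattern described in the post above, as an added example that is not part of the original post and is not npm or node-tar code: a scanner that flags a hardlink entry whose path is reused by a later regular-file entry. It assumes a plain ustar archive already decompressed into a Buffer (no PAX or GNU long-name records); `findHardlinkOverwrites`, `header`, `data` and `sample` are names made up here, and the sample archive is constructed.

```javascript
const BLOCK = 512; // tar headers and data are laid out in 512-byte blocks

// Read a NUL-terminated string field from a header block.
function field(block, start, len) {
  const raw = block.subarray(start, start + len);
  const end = raw.indexOf(0);
  return raw.toString('utf8', 0, end === -1 ? len : end);
}

// One finding per hardlink entry whose path is reused by a later file entry.
function findHardlinkOverwrites(archive) {
  const links = new Map(); // entry path -> link target
  const findings = [];
  for (let off = 0; off + BLOCK <= archive.length;) {
    const h = archive.subarray(off, off + BLOCK);
    if (h.every((b) => b === 0)) break; // end-of-archive marker
    const prefix = field(h, 345, 155);
    const name = ((prefix ? prefix + '/' : '') + field(h, 0, 100)).replace(/^(\.\/)+/, '');
    const size = parseInt(field(h, 124, 12).trim() || '0', 8);
    const type = String.fromCharCode(h[156] || 0x30); // NUL typeflag means regular file
    if (type === '1') {
      links.set(name, field(h, 157, 100)); // hardlink: remember where it points
    } else if (type === '0' && links.has(name)) {
      findings.push({ path: name, linkTarget: links.get(name) });
    }
    // Hardlink entries carry no data blocks; files are padded to a full block.
    off += BLOCK + (type === '1' ? 0 : Math.ceil(size / BLOCK) * BLOCK);
  }
  return findings;
}

// Helpers that build constructed test data (the scanner does not check checksums).
function header(name, type, size, linkname = '') {
  const h = Buffer.alloc(BLOCK);
  h.write(name, 0);
  h.write(size.toString(8).padStart(11, '0'), 124);
  h.write(type, 156);
  h.write(linkname, 157);
  h.write('ustar', 257);
  return h;
}
const data = (s) => { const b = Buffer.alloc(BLOCK); b.write(s); return b; };

// Constructed sample: a normal file, then a hardlink and a file sharing one path.
const sample = Buffer.concat([
  header('package/readme.txt', '0', 5), data('hello'),
  header('package/settings', '1', 0, '../placeholder-target'),
  header('package/settings', '0', 3), data('new'),
  Buffer.alloc(BLOCK * 2),
]);
```

Running `findHardlinkOverwrites` on a tarball before it is unpacked by a tar version older than 4.4.2 gives a list of paths to review; an empty list means this particular pattern is absent.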