GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI


GitHub's security team has identified several high-severity vulnerabilities in the npm packages "tar" and "@npmcli/arborist," which are used by the npm CLI.

The Node.js package tar remains a core dependency for installers that need to unpack npm packages post-installation. The package is also used by thousands of other open source projects, and as such receives roughly 20 million downloads every week.