Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

@npmcli/arborist

Ecosystem:
npm
Package URL:
pkg:npm/@npmcli/arborist
Total PRs:
96 Dependabot PRs
Latest PR:
14 days ago
Unique Repositories:
26 repositories
Unique Repos (30 days):
1 repository
Security Advisories
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
GHSA-2h3h-q99f-3fhc CVE-2021-39134 HIGH published almost 5 years ago • updated about 9 hours ago
### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution `@npmcli/arborist`, the library that calculates dependency...
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
GHSA-gmw6-94gg-2rc2 CVE-2021-39135 HIGH published almost 5 years ago • updated about 9 hours ago
### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution `@npmcli/arborist`, the library that calculates dependency...
Recent PRs (filtered by: Closed , Patch PRs )
RSS Feed Clear filter
chore(deps): bump @npmcli/arborist from 9.4.1 to 9.4.2

webdeveric/validate-package-exports #54

9.4.1 → 9.4.2 Patch PR
Closed 3 months ago 1 comment
webdeveric
Bump @npmcli/arborist from 9.4.0 to 9.4.3 in /npm_and_yarn/helpers in the npm-dependencies group across 1 directory

dependabot/dependabot-core #14442

9.4.0 → 9.4.3 Patch PR
Closed 3 months ago 1 comment
dependabot
Bump the minor-patch-updates group across 1 directory with 93 updates

integritystl/generator-integrity #93

9.1.9 → 9.1.10 Patch PR
Closed 5 months ago 1 comment
integritystl
Bump the minor-patch-updates group across 1 directory with 88 updates

integritystl/generator-integrity #92

9.1.9 → 9.1.10 Patch PR
Closed 5 months ago 1 comment
integritystl
fix(deps): bump @npmcli/arborist from 9.1.7 to 9.1.8

arlac77/npm-pkgbuild #2692

9.1.7 → 9.1.8 Patch PR
Closed 7 months ago 2 comments
arlac77
chore(deps-dev): bump @npmcli/arborist from 9.1.4 to 9.1.6

AlexanderSkrock/camunda-modeler-code-editor #118

9.1.4 → 9.1.6 Patch PR
Closed 8 months ago 1 comment
AlexanderSkrock
chore(deps-dev): bump @npmcli/arborist from 9.1.4 to 9.1.5

SocketDev/socket-cli #776

9.1.4 → 9.1.5 Patch PR
Closed 9 months ago 2 comments
SocketDev
Package Details
Name: @npmcli/arborist
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/@npmcli/arborist
JSON API: View JSON
Security Advisories

2

Active advisories
HIGH 2
View All npm Advisories
Package Information
Description:

Manage node_modules trees

Repository: https://github.com/npm/cli
Homepage: https://github.com/npm/cli#readme
Latest Release: 9.1.1
about 1 year ago
Dependent Repos: 47,641
Dependent Packages: 113
Downloads: 13,061,668
Ranking: Top 0.1472% by dependent repos Top 0.1125% by downloads Top 0.369% by dependent pkgs
PR Status
Open 61 (63.5%)
Merged 12 (12.5%)
Closed 19 (19.8%)
PR Types
Major 28 (29.2%)
Minor 22 (22.9%)
Patch 42 (43.8%)