`@npmcli/arborist`

Ecosystem:
npm

Package URL:
pkg:npm/@npmcli/arborist

Total PRs:
96 Dependabot PRs

Latest PR:
13 days ago

Unique Repositories:
26 repositories

Unique Repos (30 days):
1 repository

Security Advisories

@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

GHSA-2h3h-q99f-3fhc CVE-2021-39134 HIGH published almost 5 years ago • updated about 10 hours ago

### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution `@npmcli/arborist`, the library that calculates dependency...

UNIX Symbolic Link (Symlink) Following in @npmcli/arborist

GHSA-gmw6-94gg-2rc2 CVE-2021-39135 HIGH published almost 5 years ago • updated about 10 hours ago

### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution `@npmcli/arborist`, the library that calculates dependency...

Recent PRs (filtered by: Open , Patch PRs )

RSS Feed Clear filter

chore(deps): bump the dependencies group with 2 updates

NodeSecure/scanner #726

9.4.2 → 9.4.3 Patch PR

Open about 1 month ago 2 comments

fix(deps): bump @npmcli/arborist from 9.4.2 to 9.4.3

arlac77/npm-pkgbuild #2881

9.4.2 → 9.4.3 Patch PR

Open about 2 months ago 1 comment

chore(deps): bump @npmcli/arborist from 9.4.0 to 9.4.1 in the dependencies group

NodeSecure/scanner #683

9.4.0 → 9.4.1 Patch PR

Open 3 months ago 2 comments

chore(deps): bump the dependencies group with 2 updates

NodeSecure/scanner #630

9.1.9 → 9.1.10 Patch PR

Open 5 months ago 2 comments

Bump the npm-dependencies group across 1 directory with 11 updates

brisbanesocialchess/brisbanesocialchess.github.io #933

9.1.9 → 9.1.10 Patch PR

Open 5 months ago 5 comments

fix(deps): bump @npmcli/arborist from 9.1.9 to 9.1.10

arlac77/npm-pkgbuild #2778

9.1.9 → 9.1.10 Patch PR

Open 5 months ago 1 comment

Bump the npm-dependencies group across 1 directory with 16 updates

brisbanesocialchess/brisbanesocialchess.github.io #923

9.1.6 → 9.1.9 Patch PR

Open 5 months ago 6 comments

Bump @npmcli/arborist from 9.1.8 to 9.1.9

hypothesis/client #7472

9.1.8 → 9.1.9 Patch PR

Open 6 months ago 2 comments

Bump the npm-dependencies group across 1 directory with 15 updates

brisbanesocialchess/brisbanesocialchess.github.io #910

9.1.6 → 9.1.9 Patch PR

Open 6 months ago 6 comments

Bump the npm-dependencies group across 1 directory with 11 updates

brisbanesocialchess/brisbanesocialchess.github.io #902

9.1.6 → 9.1.8 Patch PR

Open 7 months ago 5 comments

Bump the npm-dependencies group across 1 directory with 10 updates

brisbanesocialchess/brisbanesocialchess.github.io #900

9.1.6 → 9.1.7 Patch PR

Open 7 months ago 5 comments

chore(deps): bump the dependencies group across 1 directory with 5 updates

NodeSecure/scanner #537

9.1.5 → 9.1.6 Patch PR

Open 8 months ago 1 comment

chore(deps-dev): bump @npmcli/arborist from 9.1.4 to 9.1.5

AlexanderSkrock/camunda-modeler-code-editor #112

9.1.4 → 9.1.5 Patch PR

Open 8 months ago

chore(deps): bump the dependencies group across 1 directory with 5 updates

NodeSecure/scanner #525

9.1.4 → 9.1.5 Patch PR

Open 9 months ago

fix(deps): bump @npmcli/arborist from 9.1.4 to 9.1.5

arlac77/npm-pkgbuild #2612

9.1.4 → 9.1.5 Patch PR

Open 9 months ago 2 comments

chore(deps): bump @npmcli/arborist from 9.1.3 to 9.1.4

tegojs/tego #881

9.1.3 → 9.1.4 Patch PR

Open 9 months ago

chore(deps): bump the dependencies group with 3 updates

NodeSecure/scanner #519

9.1.3 → 9.1.4 Patch PR

Open 9 months ago 1 comment

Bump the npm-dependencies group across 1 directory with 2 updates

Safe-app-eth/dependabot-core #63

9.1.3 → 9.1.4 Patch PR

Open 9 months ago

Bump @npmcli/arborist from 9.1.3 to 9.1.4 in the npm-dependencies group across 1 directory

brisbanesocialchess/brisbanesocialchess.github.io #560

9.1.3 → 9.1.4 Patch PR

Open 10 months ago 1 comment

fix(deps): bump @npmcli/arborist from 9.1.3 to 9.1.4

arlac77/npm-pkgbuild #2568

9.1.3 → 9.1.4 Patch PR

Open 10 months ago 1 comment

chore(deps): bump the dependencies group with 4 updates

NodeSecure/scanner #507

9.1.2 → 9.1.3 Patch PR

Open 11 months ago 2 comments

chore(deps): bump @npmcli/arborist from 9.1.2 to 9.1.3

tegojs/tego #751

9.1.2 → 9.1.3 Patch PR

Open 11 months ago

chore(deps-dev): bump @npmcli/arborist from 9.1.1 to 9.1.3

AlexanderSkrock/camunda-modeler-code-editor #79

9.1.1 → 9.1.3 Patch PR

Open 11 months ago

Bump the npm-dependencies group across 1 directory with 3 updates

roseteromeo56/dependabot-core #121

9.1.2 → 9.1.3 Patch PR

Open 11 months ago

Bump @npmcli/arborist from 9.1.1 to 9.1.2

hypothesis/client #7165

9.1.1 → 9.1.2 Patch PR

Open about 1 year ago

Bump the npm-dependencies group across 1 directory with 2 updates

roseteromeo56/dependabot-core #65

9.1.1 → 9.1.2 Patch PR

Open about 1 year ago

chore(deps): bump @npmcli/arborist from 9.1.0 to 9.1.1 in the dependencies group

NodeSecure/scanner #386

9.1.0 → 9.1.1 Patch PR

Open about 1 year ago 1 comment

Package Details

Name:	`@npmcli/arborist`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/@npmcli/arborist`
JSON API:	View JSON

Security Advisories

2

Active advisories

HIGH 2

View All npm Advisories

Package Information

Description:

Manage node_modules trees

Repository:	https://github.com/npm/cli
Homepage:	https://github.com/npm/cli#readme
Latest Release:	`9.1.1` about 1 year ago
Dependent Repos:	47,641
Dependent Packages:	113
Downloads:	13,061,668
Ranking:	Top 0.1472% by dependent repos Top 0.1125% by downloads Top 0.369% by dependent pkgs

PR Status

Open 61 (63.5%)

Merged 12 (12.5%)

Closed 19 (19.8%)

PR Types

Major 28 (29.2%)

Minor 22 (22.9%)

Patch 42 (43.8%)