Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

@npmcli/arborist

Ecosystem:
npm
Package URL:
pkg:npm/@npmcli/arborist
Total PRs:
96 Dependabot PRs
Latest PR:
12 days ago
Unique Repositories:
26 repositories
Unique Repos (30 days):
1 repository
Security Advisories
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
GHSA-2h3h-q99f-3fhc CVE-2021-39134 HIGH published almost 5 years ago • updated 2 days ago
### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution `@npmcli/arborist`, the library that calculates dependency...
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
GHSA-gmw6-94gg-2rc2 CVE-2021-39135 HIGH published almost 5 years ago • updated 2 days ago
### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution `@npmcli/arborist`, the library that calculates dependency...
Recent PRs (filtered by: Major PRs )
RSS Feed Clear filter
Bump the npm-dependencies group across 1 directory with 3 updates

yeikel/dependabot-core #131

8.0.0 → 9.1.6 Major PR
Closed 8 months ago 1 comment
yeikel
Bump the npm-dependencies group across 1 directory with 3 updates

dependabot/dependabot-core #13280

8.0.0 → 9.1.6 Major PR
Open 8 months ago 5 comments
dependabot
Bump the major-updates group across 1 directory with 90 updates

integritystl/generator-integrity #69

7.5.4 → 9.1.5 Major PR
Closed 9 months ago 1 comment
integritystl
chore: bump @npmcli/arborist from 8.0.1 to 9.1.5

zkat/pacote-old #208

8.0.1 → 9.1.5 Major PR
Open 9 months ago 1 comment
zkat
chore: bump @npmcli/arborist from 8.0.1 to 9.1.4

zkat/pacote-old #204

8.0.1 → 9.1.4 Major PR
Open 10 months ago 1 comment
zkat
Bump @npmcli/arborist from 4.3.1 to 9.1.4

Skyflash/skyflash.github.io #266

4.3.1 → 9.1.4 Major PR
Closed 10 months ago 1 comment
Skyflash
Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates

yeikel/dependabot-core #93

8.0.0 → 9.1.3 Major PR
Open 10 months ago 1 comment
yeikel
Bump the npm-dependencies group in /npm_and_yarn/helpers with 3 updates

whartondylan/Dependabot #22

8.0.0 → 9.1.3 Major PR
Open 10 months ago
whartondylan
Bump the npm-dependencies group across 1 directory with 2 updates

yeikel/dependabot-core #56

8.0.0 → 9.1.3 Major PR
Closed 10 months ago 3 comments
yeikel
Bump the npm-dependencies group across 1 directory with 2 updates

dependabot/dependabot-core #12771

8.0.0 → 9.1.3 Major PR
Open 11 months ago
dependabot
Bump the npm-dependencies group across 1 directory with 2 updates

Familyfirst4/dependabot-core #337

8.0.0 → 9.1.3 Major PR
Open 11 months ago
Familyfirst4
Bump the npm-dependencies group in /npm_and_yarn/helpers with 3 updates

Safe-app-eth/dependabot-core #6

8.0.0 → 9.1.3 Major PR
Merged 11 months ago
Safe-app-eth
Bump the npm-dependencies group in /npm_and_yarn/helpers with 3 updates

yeikel/dependabot-core #34

8.0.0 → 9.1.3 Major PR
Closed 11 months ago 1 comment
yeikel
chore: bump @npmcli/arborist from 8.0.1 to 9.1.3

zkat/pacote-old #197

8.0.1 → 9.1.3 Major PR
Open 11 months ago 1 comment
zkat
Bump @npmcli/arborist from 4.3.1 to 9.1.3

Skyflash/skyflash.github.io #262

4.3.1 → 9.1.3 Major PR
Open 11 months ago
Skyflash
Bump the npm-dependencies group in /npm_and_yarn/helpers with 3 updates

Familyfirst4/dependabot-core #278

8.0.0 → 9.1.2 Major PR
Closed 11 months ago 1 comment
Familyfirst4
Bump the npm-dependencies group in /npm_and_yarn/helpers with 3 updates

Ronel0810/Ruby_bot #15

8.0.0 → 9.1.2 Major PR
Open 12 months ago
Ronel0810
chore: bump @npmcli/arborist from 8.0.0 to 9.1.2

zkat/pacote-old #189

8.0.0 → 9.1.2 Major PR
Open about 1 year ago 1 comment
zkat
chore: bump @npmcli/arborist from 8.0.0 to 9.1.1

zkat/pacote-old #187

8.0.0 → 9.1.1 Major PR
Open about 1 year ago 1 comment
zkat
chore: bump @npmcli/arborist from 8.0.0 to 9.1.0

zkat/pacote-old #186

8.0.0 → 9.1.0 Major PR
Open about 1 year ago 1 comment
zkat
Bump @npmcli/arborist from 4.3.1 to 9.1.0

Skyflash/skyflash.github.io #252

4.3.1 → 9.1.0 Major PR
Open about 1 year ago
Skyflash
Bump the npm-dependencies group in /npm_and_yarn/helpers with 3 updates

roseteromeo56/dependabot-core #9

8.0.0 → 9.0.2 Major PR
Merged about 1 year ago
roseteromeo56
Bump the npm-dependencies group in /npm_and_yarn/helpers with 3 updates

awfixer-org/dependabot-dev #7

8.0.0 → 9.0.2 Major PR
Open about 1 year ago
awfixer-org
Bump @npmcli/arborist from 4.3.1 to 9.0.2

Skyflash/skyflash.github.io #245

4.3.1 → 9.0.2 Major PR
Closed about 1 year ago 1 comment
Skyflash
chore: bump @npmcli/arborist from 8.0.0 to 9.0.2

zkat/pacote-old #184

8.0.0 → 9.0.2 Major PR
Closed about 1 year ago 2 comments
zkat
Bump the npm-dependencies group across 1 directory with 3 updates

dependabot/dependabot-core #11769

8.0.0 → 9.0.1 Major PR
Open over 1 year ago 1 comment
dependabot
Bump the npm-dependencies group in /npm_and_yarn/helpers with 3 updates

Shiba1204/dependabot-core #14

8.0.0 → 9.0.0 Major PR
Open over 1 year ago 13 comments
Shiba1204
build(deps): bump @npmcli/arborist from 5.2.3 to 6.2.4 in /npm_and_yarn/helpers

Familyfirst4/dependabot-core #261

5.2.3 → 6.2.4 Major PR
Closed over 3 years ago 2 comments
Familyfirst4
Package Details
Name: @npmcli/arborist
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/@npmcli/arborist
JSON API: View JSON
Security Advisories

2

Active advisories
HIGH 2
View All npm Advisories
Package Information
Description:

Manage node_modules trees

Repository: https://github.com/npm/cli
Homepage: https://github.com/npm/cli#readme
Latest Release: 9.1.1
about 1 year ago
Dependent Repos: 47,641
Dependent Packages: 113
Downloads: 13,061,668
Ranking: Top 0.1472% by dependent repos Top 0.1125% by downloads Top 0.369% by dependent pkgs
PR Status
Open 61 (63.5%)
Merged 12 (12.5%)
Closed 19 (19.8%)
PR Types
Major 28 (29.2%)
Minor 22 (22.9%)
Patch 42 (43.8%)