`tar`

Ecosystem:
npm

Package URL:
pkg:npm/tar

Total PRs:
15,782 Dependabot PRs

Latest PR:
1 day ago

Unique Repositories:
11,413 repositories

Unique Repos (30 days):
205 repositories

Security Advisories

node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal

GHSA-34x7-hfp2-rc4v CVE-2026-24842 HIGH published 4 months ago • updated 5 days ago

### Summary node-tar contains a vulnerability where the security check for hardlink entries uses different path resolution semantics than the actua...

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

GHSA-3jfq-g458-7qm9 CVE-2021-32804 HIGH published almost 5 years ago • updated about 4 hours ago

### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution `node-tar` aims to prevent extraction of absolute file pat...

Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

GHSA-83g3-92jg-28cx CVE-2026-26960 HIGH published 3 months ago • updated 22 days ago

### Summary `tar.extract()` in Node `tar` allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to...

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

GHSA-5955-9wpr-37jh CVE-2021-37713 HIGH published over 4 years ago • updated about 4 hours ago

### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location wo...

Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS

GHSA-r6q2-hw4h-h46w CVE-2026-23950 HIGH published 4 months ago • updated 5 days ago

**TITLE**: Race Condition in node-tar Path Reservations via Unicode Sharp-S (ß) Collisions on macOS APFS **AUTHOR**: Tomás Illuminati ### Details...

View all 14 advisories

Recent PRs

RSS Feed

Bump the npm_and_yarn group across 12 directories with 19 updates

Enterprise-CMCS/macpro-onemac #1649

4.4.19 → 7.5.15 Major PR

Open 1 day ago 1 comment

Bump the npm_and_yarn group across 5 directories with 9 updates

PCWProps/zapier-platform #5

6.2.1 → 7.5.15 Major PR

Closed 1 day ago 1 comment

chore(deps): bump tar from 7.5.2 to 7.5.15

midnightntwrk/midnight-docs #961

7.5.2 → 7.5.15 Patch PR

Open 1 day ago 1 comment

build(deps-dev): bump the dev-dependencies group across 1 directory with 10 updates

Hookwarden/hookwarden #50

7.4.3 → 7.5.15 Minor PR

Open 1 day ago 4 comments

chore(deps)(deps): bump the npm-minor-patch group across 1 directory with 19 updates

palavido-dev/gratis-gis #134

7.5.13 → 7.5.15 Patch PR

Closed 3 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 18 updates

harpertoken/autofix #49

7.5.4 → removed

Closed 3 days ago 3 comments

Bump tar and expo

ClaytonPrebelli/appTrigono #1

removed Removal PR

Closed 3 days ago 1 comment

Bump the npm_and_yarn group across 16 directories with 20 updates

jcstein/next.js #21

4.4.10 → 7.5.11 Major PR

Closed 3 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 11 directories with 16 updates

Web3Auth/core #25

7.4.3 → 7.5.11 Minor PR

Closed 4 days ago 1 comment

Bump the npm_and_yarn group across 13 directories with 20 updates

jcstein/next.js #19

4.4.10 → 7.5.11 Major PR

Closed 4 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates

GlacierEQ/langgraph #9

7.5.7 → 7.5.15 Patch PR

Open 4 days ago 4 comments

chore(deps): bump the minor-and-patch group across 1 directory with 10 updates

Clawdi-AI/clawdi #126

7.5.13 → 7.5.15 Patch PR

Open 4 days ago 1 comment

build(deps): bump the npm_and_yarn group across 1 directory with 17 updates

c92d58/blog #2

7.5.2 → 7.5.15 Patch PR

Closed 4 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 11 updates

ComposioHQ/open-chatgpt-atlas #12

6.2.1 → 7.5.15 Major PR

Open 5 days ago 2 comments

Bump the npm_and_yarn group across 2 directories with 14 updates

MomenMushtaha/worldcup-betting #1

7.5.1 → 7.5.15 Patch PR

Closed 5 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 5 directories with 19 updates

GlacierEQ/langgraphjs #10

7.5.9 → 7.5.11 Patch PR

Open 5 days ago 4 comments

chore(deps): bump the npm_and_yarn group across 2 directories with 21 updates

cosmiccareer/terminai #13

7.5.2 → 7.5.11 Patch PR

Closed 5 days ago 1 comment

Bump the npm_and_yarn group across 4 directories with 27 updates

kinghua0629/chromium #11

6.1.12 → removed

Closed 6 days ago 2 comments

Bump the npm_and_yarn group across 1 directory with 8 updates

FortiShield/code-editor #11

6.2.0 → 6.2.1 Patch PR

Open 6 days ago 1 comment

build(deps): bump the npm_and_yarn group across 1 directory with 19 updates

DesarrolloORT/ngx-whats-new #68

6.2.1 → 7.5.15 Major PR

Closed 6 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 4 directories with 6 updates

SocialGouv/cdtn-admin #1681

6.2.1 → 7.5.11 Major PR

Closed 6 days ago 2 comments

Bump the npm_and_yarn group across 9 directories with 19 updates

Surfndez/next.js #15

4.4.10 → 7.5.11 Major PR

Closed 6 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 4 directories with 13 updates

ANIKROY11/berry #12

6.1.11 → 7.5.11 Major PR

Closed 6 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 27 updates

towan912/misskey #1

7.5.2 → 7.5.11 Patch PR

Open 6 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 4 directories with 24 updates

EmiyaKiritsugu3/qwen-code #1

7.5.2 → 7.5.15 Patch PR

Closed 6 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 4 directories with 20 updates

alexcolls/qwen-code #34

7.5.2 → 7.5.15 Patch PR

Closed 7 days ago 1 comment

Bump the minor-and-patch group across 1 directory with 59 updates

jmars319/Align #3

7.5.13 → 7.5.15 Patch PR

Closed 7 days ago 1 comment

fix(deps): bump the npm group across 1 directory with 11 updates

nwutils/nw-builder #1596

7.5.13 → 7.5.15 Patch PR

Open 7 days ago 3 comments

build(deps): bump tar from 6.2.1 to 7.5.15

microlinkhq/www #2035

6.2.1 → 7.5.15 Major PR

Open 8 days ago 3 comments

chore(deps): bump tar from 4.4.19 to 7.5.15

dhis2-sre/im-web-client #793

4.4.19 → 7.5.15 Major PR

Closed 8 days ago 1 comment

build(deps): bump the npm_and_yarn group across 1 directory with 15 updates

HarleyCoops/openevals #5

7.4.3 → 7.5.15 Minor PR

Closed 8 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 19 updates

atze1210/aa-sdk #277

7.4.3 → 7.5.11 Minor PR

Open 8 days ago 2 comments

chore(deps): bump the minor-and-patch group across 1 directory with 11 updates

Clawdi-AI/clawdi #106

7.5.13 → 7.5.15 Patch PR

Closed 8 days ago 2 comments

Bump tar from 6.2.1 to 7.5.15

FloSmt/TippApp #171

6.2.1 → 7.5.15 Major PR

Open 8 days ago 1 comment

Bump tar and @angular/cli in /frontend

philippgri11/SmartGarden #1

6.2.1 → 7.5.15 Major PR

Closed 9 days ago 1 comment

Bump the dependencies group across 1 directory with 9 updates

oyakh1/hiero-mirror-node--040 #21

7.5.13 → 7.5.15 Patch PR

Closed 9 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

nuxt-modules/og-image #612

7.5.7 → 7.5.15 Patch PR

Open 9 days ago 1 comment

chore(deps): bump the npm-dependencies group across 1 directory with 67 updates

84luska84/sega-cli #22

7.5.11 → 7.5.15 Patch PR

Closed 9 days ago 1 comment

chore: Bump the npm_and_yarn group across 1 directory with 14 updates

facioquo/stock-charts #478

7.5.9 → 7.5.15 Patch PR

Closed 9 days ago 3 comments

Bump the dependencies group across 1 directory with 9 updates

oyakh1/hiero-mirror-node--044 #20

7.5.13 → 7.5.15 Patch PR

Closed 9 days ago 1 comment

chore(deps): bump the npm-dependencies group across 1 directory with 68 updates

EveryOddPixel/Kimi-CLI #29

7.5.11 → 7.5.15 Patch PR

Closed 9 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 3 directories with 31 updates

Reality2byte/metamask-mobile #766

6.2.1 → 7.5.15 Major PR

Closed 9 days ago 1 comment

Bump the dependencies group across 1 directory with 9 updates

oyakh1/hiero-mirror-node--017 #20

7.5.13 → 7.5.15 Patch PR

Closed 9 days ago 1 comment

Bump the npm_and_yarn group across 8 directories with 15 updates

Boo-hub33/vscode #1446

7.5.11 → 7.5.15 Patch PR

Closed 9 days ago 1 comment

Bump the npm_and_yarn group across 2 directories with 23 updates

dragonflycapital/gitpod #74

6.1.15 → 6.2.1 Minor PR

Closed 10 days ago 1 comment

build(deps): bump tar from 6.2.1 to 7.5.15

zendesk/docker-login-action #85

6.2.1 → 7.5.15 Major PR

Open 10 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 23 updates

Rytass/Utils #202

6.2.1 → 7.5.15 Major PR

Open 10 days ago 2 comments

build(deps): bump the npm-dependencies group with 68 updates

waqas-duck/gemini-cli #32

7.5.11 → 7.5.15 Patch PR

Closed 10 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates

SAP/open-ux-tools #4693

6.2.1 → 7.5.15 Major PR

Open 10 days ago 2 comments

Bump the dependencies group across 1 directory with 8 updates

oyakh1/hiero-mirror-node--029 #20

7.5.13 → 7.5.15 Patch PR

Closed 10 days ago 1 comment

Package Details

Name:	`tar`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/tar`
JSON API:	View JSON

Security Advisories

14

Active advisories

HIGH 13

MODERATE 1

View All npm Advisories

Package Information

Description:

tar for node

Repository:	https://github.com/isaacs/node-tar
Homepage:	https://github.com/isaacs/node-tar#readme
Latest Release:	`7.4.3` almost 2 years ago
Dependent Repos:	3,179,743
Dependent Packages:	5,040
Downloads:	170,210,137
Ranking:	Top 0.0051% by dependent repos Top 0.0126% by downloads Top 0.0176% by dependent pkgs

PR Status

Open 6,173 (39.1%)

Merged 321 (2.0%)

Closed 9,128 (57.8%)

PR Types

Major 2,775 (17.6%)

Minor 4,768 (30.2%)

Patch 6,505 (41.2%)

Removal 1,337 (8.5%)