`tar`

Ecosystem:
npm

Package URL:
pkg:npm/tar

Total PRs:
13,181 Dependabot PRs

Latest PR:
about 3 hours ago

Unique Repositories:
10,085 repositories

Unique Repos (30 days):
1,909 repositories

Security Advisories

node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

GHSA-8qq5-rm4j-mr97 CVE-2026-23745 HIGH published about 2 months ago • updated 7 days ago

### Summary The `node-tar` library (`<= 7.5.2`) fails to sanitize the `linkpath` of `Link` (hardlink) and `SymbolicLink` entries when `preservePat...

tar has Hardlink Path Traversal via Drive-Relative Linkpath

GHSA-qffp-2rhf-9h96 HIGH published 6 days ago • updated 6 days ago

### Summary `tar` (npm) can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target ...

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

GHSA-qq89-hq3f-393p CVE-2021-37712 HIGH published over 4 years ago • updated 1 day ago

### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location wou...

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

GHSA-5955-9wpr-37jh CVE-2021-37713 HIGH published over 4 years ago • updated 1 day ago

### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location wo...

Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

GHSA-83g3-92jg-28cx CVE-2026-26960 HIGH published 21 days ago • updated 7 days ago

### Summary `tar.extract()` in Node `tar` allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to...

View all 13 advisories

Recent PRs (filtered by: Patch PRs )

RSS Feed Clear filter

Bump the all group across 1 directory with 67 updates

microsoft/vscode-copilot-chat #4341

7.5.8 → 7.5.11 Patch PR

Open about 3 hours ago 2 comments

Bump the npm_and_yarn group across 1 directory with 4 updates

pulibrary/tigerdata-app #2461

7.5.6 → 7.5.11 Patch PR

Closed about 4 hours ago 1 comment

Bump tar from 7.5.9 to 7.5.11

Orlando0409/Asada-Juan-Diaz-Informativa #38

7.5.9 → 7.5.11 Patch PR

Open about 6 hours ago 3 comments

Bump the npm_and_yarn group across 5 directories with 24 updates

ammar-knowledge/storybook #462

6.2.0 → 6.2.1 Patch PR

Open about 6 hours ago 3 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

andrei2699/Test-Prism #111

7.5.9 → 7.5.11 Patch PR

Closed about 6 hours ago 1 comment

chore(deps): bump tar from 7.5.7 to 7.5.10

langchain-ai/langgraphjs #2045

7.5.7 → 7.5.10 Patch PR

Open about 7 hours ago 2 comments

chore(deps): bump the npm-minor-patch group with 35 updates

Fox-block-offcial/VoiceHub-11zhong-d70eb #2

7.5.10 → 7.5.11 Patch PR

Open about 20 hours ago 2 comments

chore(deps): bump the npm_and_yarn group across 6 directories with 18 updates

HeadyMe/Heady-pre-production-9f2f0642 #90

7.5.9 → 7.5.11 Patch PR

Open about 24 hours ago 2 comments

Bump tar from 7.5.9 to 7.5.11

johnhelmuth/cluster-map #105

7.5.9 → 7.5.11 Patch PR

Open about 24 hours ago 2 comments

Bump tar from 7.5.9 to 7.5.11

navikt/veilarbvisittkortfs #914

7.5.9 → 7.5.11 Patch PR

Open 1 day ago 1 comment

npm(deps): bump tar from 7.5.10 to 7.5.11

Chloemlla/Happy-TTS #511

7.5.10 → 7.5.11 Patch PR

Open 1 day ago 3 comments

build(deps): bump tar from 7.5.9 to 7.5.11 in the production-dependencies group

r-near/near-kit #163

7.5.9 → 7.5.11 Patch PR

Open 1 day ago 1 comment

build(deps): bump the npm_and_yarn group across 5 directories with 9 updates

globe-and-citizen/cnc-portal #1657

7.5.9 → 7.5.11 Patch PR

Open 1 day ago 1 comment

Bump tar from 7.5.9 to 7.5.11

Valthre/Arcana #2

7.5.9 → 7.5.11 Patch PR

Open 1 day ago 2 comments

Bump the npm_and_yarn group across 1 directory with 4 updates

pulibrary/tigerdata-app #2455

7.5.6 → 7.5.11 Patch PR

Closed 1 day ago 3 comments

chore(deps): bump the npm-deps group across 1 directory with 8 updates

hiero-ledger/solo #3523

7.5.9 → 7.5.10 Patch PR

Open 1 day ago 5 comments

Bump tar from 7.5.7 to 7.5.10 in /packages/local-build-plugin

expo/eas-cli #3480

7.5.7 → 7.5.10 Patch PR

Open 1 day ago 1 comment

deps(deps): bump the other-deps group across 1 directory with 59 updates

vox-celeste/bloodletter #16

7.5.7 → 7.5.11 Patch PR

Open 1 day ago 1 comment

chore(deps): bump tar from 7.5.9 to 7.5.11

hiero-ledger/solo #3521

7.5.9 → 7.5.11 Patch PR

Open 1 day ago 15 comments

Build(deps): bump the npm_and_yarn group across 1 directory with 3 updates

3lvia/designsystem #4008

7.5.9 → 7.5.11 Patch PR

Closed 1 day ago 3 comments

deps(deps): bump the other-dependencies group across 1 directory with 24 updates

alderichoarau/alderichoarau.github.io #128

7.5.9 → 7.5.11 Patch PR

Open 1 day ago 1 comment

build(deps): bump the npm_and_yarn group across 6 directories with 4 updates

AKJUS/Folo #473

7.5.7 → 7.5.10 Patch PR

Open 2 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates

WSP001/SirTrav-A2A-Studio #24

7.5.9 → 7.5.10 Patch PR

Closed 2 days ago 2 comments

build(deps): bump tar from 7.5.9 to 7.5.10

vyas0189/vyas #319

7.5.9 → 7.5.10 Patch PR

Open 2 days ago 1 comment

chore(deps): bump tar from 7.5.1 to 7.5.10 in the npm_and_yarn group across 1 directory

kcbrewron/contentful-blog-svelte #5

7.5.1 → 7.5.10 Patch PR

Open 2 days ago 1 comment

Bump tar from 7.5.9 to 7.5.10

simjeeh/portfolio #35

7.5.9 → 7.5.10 Patch PR

Closed 2 days ago 2 comments

chore(deps): bump tar from 7.5.7 to 7.5.10 in /application

Geek-Teck-Mentors/trend_diary #540

7.5.7 → 7.5.10 Patch PR

Open 3 days ago 1 comment

Bump tar from 7.5.7 to 7.5.10

neeharavula/portfolio #44

7.5.7 → 7.5.10 Patch PR

Closed 3 days ago 1 comment

chore(deps): bump tar from 7.5.9 to 7.5.10

yosse95ai/yosse95ai.github.io #22

7.5.9 → 7.5.10 Patch PR

Open 3 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates

mattycraig/nuxt-theme-builder #15

7.5.9 → 7.5.10 Patch PR

Open 3 days ago 3 comments

build(deps): bump tar from 7.5.9 to 7.5.10 in the npm_and_yarn group across 1 directory

bervProject/my-personal-web #2015

7.5.9 → 7.5.10 Patch PR

Open 4 days ago 1 comment

Bump tar from 7.5.3 to 7.5.10 in /nuxt-ui-plugin-101

gouthamrangarajan/Vuejs #987

7.5.3 → 7.5.10 Patch PR

Closed 4 days ago 1 comment

build(deps): bump tar and supabase

danblock97/clutch-gg #227

7.5.9 → 7.5.10 Patch PR

Closed 4 days ago 1 comment

Bump tar from 7.5.9 to 7.5.10

K4mD4m/IdeaForge #17

7.5.9 → 7.5.10 Patch PR

Closed 4 days ago 1 comment

build(deps-dev): bump the npm_and_yarn group across 1 directory with 1 update

zuplo/zudoku #2122

7.5.9 → 7.5.10 Patch PR

Open 4 days ago 1 comment

build(deps-dev): bump tar from 7.5.9 to 7.5.10 in /packages/create-zudoku in the npm_and_yarn group across 1 directory

zuplo/zudoku #2121

7.5.9 → 7.5.10 Patch PR

Closed 4 days ago 2 comments

Bump the npm_and_yarn group across 22 directories with 4 updates

alialobidm/react #57

2.2.1 → 2.2.2 Patch PR

Open 4 days ago 3 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 69 updates

IsSmallPigPig/TXTech_Voice #5

7.5.9 → 7.5.10 Patch PR

Open 4 days ago 2 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 61 updates

yang-12345/VoiceHub #4

7.5.9 → 7.5.10 Patch PR

Open 4 days ago 2 comments

chore(deps): bump the npm-minor-patch group with 61 updates

caoyue0807/VoiceHub-3f470 #3

7.5.9 → 7.5.10 Patch PR

Open 4 days ago 1 comment

chore(deps): bump the npm-minor-patch group with 61 updates

laoshuikaixue/VoiceHub #204

7.5.9 → 7.5.10 Patch PR

Open 4 days ago 2 comments

chore(deps): bump the npm-minor-patch group with 61 updates

LDONT123/VoiceHub #3

7.5.9 → 7.5.10 Patch PR

Open 4 days ago 2 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 83 updates

weiyb852/VoiceHub-e7cc6 #6

7.5.7 → 7.5.10 Patch PR

Open 4 days ago 1 comment

chore(deps): bump the npm-minor-patch group across 1 directory with 81 updates

weiyb852/VoiceHub-14c06 #6

7.5.7 → 7.5.10 Patch PR

Open 4 days ago 2 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 83 updates

weiyb852/VoiceHub-8afce #6

7.5.7 → 7.5.10 Patch PR

Open 4 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 3 updates

EL-HOUSS-BRAHIM/v0-call-fllow #2

7.5.6 → 7.5.10 Patch PR

Open 4 days ago 1 comment

Bump the npm_and_yarn group across 54 directories with 7 updates

keito4/extensions #103

7.5.7 → 7.5.10 Patch PR

Closed 4 days ago 1 comment

Bump the npm_and_yarn group across 26 directories with 3 updates

cptthura-alt/react #55

2.2.1 → 2.2.2 Patch PR

Closed 4 days ago 1 comment

build(deps): bump the npm_and_yarn group across 2 directories with 2 updates

fabriziosalmi/Silicon-Studio #1

7.5.9 → 7.5.10 Patch PR

Closed 4 days ago 1 comment

Bump tar from 7.5.9 to 7.5.10

hashintel/hash #8516

7.5.9 → 7.5.10 Patch PR

Open 4 days ago 4 comments

Package Details

Name:	`tar`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/tar`
JSON API:	View JSON

Security Advisories

13

Active advisories

HIGH 12

MODERATE 1

View All npm Advisories

Package Information

Description:

tar for node

Repository:	https://github.com/isaacs/node-tar
Homepage:	https://github.com/isaacs/node-tar#readme
Latest Release:	`7.4.3` over 1 year ago
Dependent Repos:	3,179,743
Dependent Packages:	5,040
Downloads:	170,210,137
Ranking:	Top 0.0051% by dependent repos Top 0.0126% by downloads Top 0.0176% by dependent pkgs

PR Status

Open 5,336 (40.5%)

Merged 321 (2.4%)

Closed 7,363 (55.9%)

PR Types

Removal 1,203 (9.1%)

Minor 4,285 (32.5%)

Major 2,186 (16.6%)

Patch 5,146 (39.0%)