Tar dependency not updated in package #16

@apoco


I see in your github branch that you have a dependency on tar@^6.1.12, but the actual published node-ninja@1.0.2 still has a dependency of tar@^2.0.0. Perhaps you had a mishap when publishing this package or you haven't yet published a new release.

Would you be able to publish a new release for this package? This is to address a security vulnerability reported by npm:

tar  <=6.2.0
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
No fix available
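As an added example that is not part of the issue above or of the node-ninja project: a small Node.js script that, given an npm lockfile (the v2/v3 "packages" map, constructed inline here) and the two manifests, lists every installed copy of tar, flags those inside the affected range quoted in the audit output (tar <= 6.2.0), and reports the declared-range mismatch between the repo branch and the published 1.0.2 manifest. The function names, the sample lockfile and the sample manifests are assumptions; the version comparison is a minimal major.minor.patch compare rather than the semver package.

```javascript
// Added example; not code from node-ninja or from the issue author.
// Checks an npm lockfile for every installed copy of a package, flags the
// copies inside an advisory's affected range, and compares the dependency
// range a repo declares with the one in the published manifest.

// Minimal "major.minor.patch" parser (assumption: no semver prerelease tags).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Affected range taken from the audit output above: tar <= 6.2.0.
function isAffected(version, maxAffected = "6.2.0") {
  return compareVersions(version, maxAffected) <= 0;
}

// Walk lockfile.packages (npm lockfileVersion 2/3 layout) and collect every
// installed copy of `name`, including nested copies such as
// node_modules/node-ninja/node_modules/tar, which is where a dependent that
// still declares tar@^2.0.0 gets its own old copy.
function findInstalledCopies(lockfile, name) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lockfile.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      affected: isAffected(meta.version),
    }));
}

// Compare the range a package declares for `depName` in its repo checkout
// against the range in the manifest actually published to the registry.
function declaredRangeMismatch(repoPkg, publishedPkg, depName) {
  const repoRange = (repoPkg.dependencies || {})[depName];
  const pubRange = (publishedPkg.dependencies || {})[depName];
  return { repoRange, pubRange, mismatch: repoRange !== pubRange };
}

// Constructed sample data (assumption: illustrative only, not a real lockfile).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/tar": { version: "6.2.1" },
    "node_modules/node-ninja": { version: "1.0.2" },
    "node_modules/node-ninja/node_modules/tar": { version: "2.2.2" },
  },
};
// Declared ranges as reported in the issue: repo branch vs published 1.0.2.
const repoPkg = { dependencies: { tar: "^6.1.12" } };
const publishedPkg = { dependencies: { tar: "^2.0.0" } };

for (const copy of findInstalledCopies(sampleLock, "tar")) {
  console.log(`${copy.path}@${copy.version} affected=${copy.affected}`);
}
console.log(declaredRangeMismatch(repoPkg, publishedPkg, "tar"));
```

The nested copy under node_modules/node-ninja/node_modules is the one npm audit keeps reporting: the top-level tar can be current, but as long as the published node-ninja manifest declares ^2.0.0 npm has to install a second, old tar beneath it, and no change in the consuming project's own package.json can reach a fixed version. That is why the audit shows "No fix available" and why the fix has to come from a new node-ninja release.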
