Comparing version 1.0.3 to 2.0.0
@@ -14,6 +14,2 @@ // give it a tarball and a path, and it'll dump the contents | ||
// have to dump into a directory | ||
opts.type = "Directory" | ||
opts.Directory = true | ||
if (typeof opts !== "object") { | ||
@@ -25,2 +21,3 @@ opts = { path: opts } | ||
opts.path = opts.path || path.resolve("node-tar-extract") | ||
// have to dump into a directory | ||
opts.type = "Directory" | ||
@@ -52,5 +49,16 @@ opts.Directory = true | ||
} | ||
if (entry.type !== "Link") return | ||
entry.linkpath = entry.props.linkpath = | ||
path.join(opts.path, path.join("/", entry.props.linkpath)) | ||
if (entry.type === "Link") { | ||
entry.linkpath = entry.props.linkpath = path.join( | ||
opts.path, path.join("/", entry.props.linkpath) | ||
) | ||
} | ||
if (entry.props && entry.props.linkpath) { | ||
var linkpath = entry.props.linkpath | ||
// normalize paths that point outside the extraction root | ||
if (path.resolve(opts.path, linkpath).indexOf(opts.path) !== 0) { | ||
entry.props.linkpath = path.join(opts.path, path.join("/", linkpath)) | ||
} | ||
} | ||
}) | ||
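Review bot: The containment test `path.resolve(opts.path, linkpath).indexOf(opts.path) !== 0` is a plain string-prefix comparison, so a resolved target in a sibling directory whose name merely begins with the root's name counts as inside the extraction root and is left unrewritten. Compare on a path boundary instead: `var root = path.resolve(opts.path) + path.sep` followed by `if ((path.resolve(root, linkpath) + path.sep).indexOf(root) !== 0) {`. Resolving the root first also matters because the earlier hunk makes `opts.path` absolute only when it is defaulted, so with a caller-supplied relative path the current test never matches and every linkpath is rewritten. This branch updates only `entry.props.linkpath`, while the `Link` branch above it also sets `entry.linkpath`; which of the two the writer reads is not visible here, since the enclosing callback starts outside the hunk, so that is worth confirming.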
@@ -77,2 +85,3 @@ | ||
// console.error("\nEEEE Extract End", me._fst.path) | ||
me.emit("finish") | ||
me.emit("end") | ||
@@ -79,0 +88,0 @@ me.emit("close") |
@@ -5,3 +5,3 @@ { | ||
"description": "tar for node", | ||
"version": "1.0.3", | ||
"version": "2.0.0", | ||
"repository": { | ||
@@ -8,0 +8,0 @@ "type": "git", |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package