tar - npm Package Compare versions
Comparing version 1.0.3 to 2.0.0
@@ -14,6 +14,2 @@ // give it a tarball and a path, and it'll dump the contents | ||
| // have to dump into a directory | ||
| opts.type = "Directory" | ||
| opts.Directory = true | ||
| if (typeof opts !== "object") { | ||
@@ -25,2 +21,3 @@ opts = { path: opts } | ||
| opts.path = opts.path || path.resolve("node-tar-extract") | ||
| // have to dump into a directory | ||
| opts.type = "Directory" | ||
@@ -52,5 +49,16 @@ opts.Directory = true | ||
| } | ||
| if (entry.type !== "Link") return | ||
| entry.linkpath = entry.props.linkpath = | ||
| path.join(opts.path, path.join("/", entry.props.linkpath)) | ||
| if (entry.type === "Link") { | ||
| entry.linkpath = entry.props.linkpath = path.join( | ||
| opts.path, path.join("/", entry.props.linkpath) | ||
| ) | ||
| } | ||
| if (entry.props && entry.props.linkpath) { | ||
| var linkpath = entry.props.linkpath | ||
| // normalize paths that point outside the extraction root | ||
| if (path.resolve(opts.path, linkpath).indexOf(opts.path) !== 0) { | ||
| entry.props.linkpath = path.join(opts.path, path.join("/", linkpath)) | ||
| } | ||
| } | ||
| }) | ||
@@ -77,2 +85,3 @@ | ||
| // console.error("\nEEEE Extract End", me._fst.path) | ||
| me.emit("finish") | ||
| me.emit("end") | ||
@@ -79,0 +88,0 @@ me.emit("close") |
@@ -5,3 +5,3 @@ { | ||
| "description": "tar for node", | ||
| "version": "1.0.3", | ||
| "version": "2.0.0", | ||
| "repository": { | ||
@@ -8,0 +8,0 @@ "type": "git", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by9.12%
163360
- Number of package files
- increased by7.14%
30
- Lines of code
- increased by2.9%
4508
- Number of medium supply chain risk alerts
- decreased by-50%
1
Worsened metrics
- Number of low supply chain risk alerts
- increased by9.52%
23