You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP →
tar - npm Package Compare versions
@@ -1,2 +0,2 @@ | ||
| export declare const stripAbsolutePath: (path: string) => string[]; | ||
| export declare const stripAbsolutePath: (path: string) => [string, string]; | ||
| //# sourceMappingURL=strip-absolute-path.d.ts.map |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"strip-absolute-path.d.ts","sourceRoot":"","sources":["../../src/strip-absolute-path.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,aAgB7C,CAAA"} | ||
| {"version":3,"file":"strip-absolute-path.d.ts","sourceRoot":"","sources":["../../src/strip-absolute-path.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,KAAG,CAAC,MAAM,EAAE,MAAM,CAgB/D,CAAA"} |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"strip-absolute-path.js","sourceRoot":"","sources":["../../src/strip-absolute-path.ts"],"names":[],"mappings":";;;AAAA,0EAA0E;AAC1E,yCAAiC;AACjC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,iBAAK,CAAA;AAEnC,2BAA2B;AAC3B,4EAA4E;AAC5E,yEAAyE;AACzE,0CAA0C;AAC1C,4EAA4E;AAC5E,uEAAuE;AAChE,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAE,EAAE;IAChD,IAAI,CAAC,GAAG,EAAE,CAAA;IAEV,IAAI,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAA;IACxB,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QACvC,yDAAyD;QACzD,2CAA2C;QAC3C,MAAM,IAAI,GACR,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;YACrD,GAAG;YACL,CAAC,CAAC,MAAM,CAAC,IAAI,CAAA;QACf,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC9B,CAAC,IAAI,IAAI,CAAA;QACT,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAA;IACtB,CAAC;IACD,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;AAClB,CAAC,CAAA;AAhBY,QAAA,iBAAiB,qBAgB7B","sourcesContent":["// unix absolute paths are also absolute on win32, so we use this for both\nimport { win32 } from 'node:path'\nconst { isAbsolute, parse } = win32\n\n// returns [root, stripped]\n// Note that windows will think that //x/y/z/a has a \"root\" of //x/y, and in\n// those cases, we want to sanitize it to x/y/z/a, not z/a, so we strip /\n// explicitly if it's the first character.\n// drive-specific relative paths on Windows get their root stripped off even\n// though they are not absolute, so `c:../foo` becomes ['c:', '../foo']\nexport const stripAbsolutePath = (path: string) => {\n let r = ''\n\n let parsed = parse(path)\n while (isAbsolute(path) || parsed.root) {\n // windows will think that //x/y/z has a \"root\" of //x/y/\n // but strip the //?/C:/ off of //?/C:/path\n const root =\n path.charAt(0) === '/' && path.slice(0, 4) !== '//?/' ?\n '/'\n : parsed.root\n path = path.slice(root.length)\n r += root\n parsed = parse(path)\n }\n return [r, path]\n}\n"]} | ||
| {"version":3,"file":"strip-absolute-path.js","sourceRoot":"","sources":["../../src/strip-absolute-path.ts"],"names":[],"mappings":";;;AAAA,0EAA0E;AAC1E,yCAAiC;AACjC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,iBAAK,CAAA;AAEnC,2BAA2B;AAC3B,4EAA4E;AAC5E,yEAAyE;AACzE,0CAA0C;AAC1C,4EAA4E;AAC5E,uEAAuE;AAChE,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAoB,EAAE;IAClE,IAAI,CAAC,GAAG,EAAE,CAAA;IAEV,IAAI,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAA;IACxB,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QACvC,yDAAyD;QACzD,2CAA2C;QAC3C,MAAM,IAAI,GACR,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;YACrD,GAAG;YACL,CAAC,CAAC,MAAM,CAAC,IAAI,CAAA;QACf,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC9B,CAAC,IAAI,IAAI,CAAA;QACT,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAA;IACtB,CAAC;IACD,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;AAClB,CAAC,CAAA;AAhBY,QAAA,iBAAiB,qBAgB7B","sourcesContent":["// unix absolute paths are also absolute on win32, so we use this for both\nimport { win32 } from 'node:path'\nconst { isAbsolute, parse } = win32\n\n// returns [root, stripped]\n// Note that windows will think that //x/y/z/a has a \"root\" of //x/y, and in\n// those cases, we want to sanitize it to x/y/z/a, not z/a, so we strip /\n// explicitly if it's the first character.\n// drive-specific relative paths on Windows get their root stripped off even\n// though they are not absolute, so `c:../foo` becomes ['c:', '../foo']\nexport const stripAbsolutePath = (path: string): [string, string] => {\n let r = ''\n\n let parsed = parse(path)\n while (isAbsolute(path) || parsed.root) {\n // windows will think that //x/y/z has a \"root\" of //x/y/\n // but strip the //?/C:/ off of //?/C:/path\n const root =\n path.charAt(0) === '/' && path.slice(0, 4) !== '//?/' ?\n '/'\n : parsed.root\n path = path.slice(root.length)\n r += root\n parsed = parse(path)\n }\n return [r, path]\n}\n"]} |
@@ -263,3 +263,5 @@ "use strict"; | ||
| return true; | ||
| const parts = p.split('/'); | ||
| // strip off the root | ||
| const [root, stripped] = (0, strip_absolute_path_js_1.stripAbsolutePath)(p); | ||
| const parts = stripped.replace(/\\/g, '/').split('/'); | ||
| if (parts.includes('..') || | ||
@@ -296,4 +298,2 @@ /* c8 ignore next */ | ||
| } | ||
| // strip off the root | ||
| const [root, stripped] = (0, strip_absolute_path_js_1.stripAbsolutePath)(p); | ||
| if (root) { | ||
@@ -300,0 +300,0 @@ // ok, but triggers warning about stripping root |
@@ -1,2 +0,2 @@ | ||
| export declare const stripAbsolutePath: (path: string) => string[]; | ||
| export declare const stripAbsolutePath: (path: string) => [string, string]; | ||
| //# sourceMappingURL=strip-absolute-path.d.ts.map |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"strip-absolute-path.d.ts","sourceRoot":"","sources":["../../src/strip-absolute-path.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,aAgB7C,CAAA"} | ||
| {"version":3,"file":"strip-absolute-path.d.ts","sourceRoot":"","sources":["../../src/strip-absolute-path.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,KAAG,CAAC,MAAM,EAAE,MAAM,CAgB/D,CAAA"} |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"strip-absolute-path.js","sourceRoot":"","sources":["../../src/strip-absolute-path.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAA;AACjC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,KAAK,CAAA;AAEnC,2BAA2B;AAC3B,4EAA4E;AAC5E,yEAAyE;AACzE,0CAA0C;AAC1C,4EAA4E;AAC5E,uEAAuE;AACvE,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAE,EAAE;IAChD,IAAI,CAAC,GAAG,EAAE,CAAA;IAEV,IAAI,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAA;IACxB,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QACvC,yDAAyD;QACzD,2CAA2C;QAC3C,MAAM,IAAI,GACR,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;YACrD,GAAG;YACL,CAAC,CAAC,MAAM,CAAC,IAAI,CAAA;QACf,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC9B,CAAC,IAAI,IAAI,CAAA;QACT,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAA;IACtB,CAAC;IACD,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;AAClB,CAAC,CAAA","sourcesContent":["// unix absolute paths are also absolute on win32, so we use this for both\nimport { win32 } from 'node:path'\nconst { isAbsolute, parse } = win32\n\n// returns [root, stripped]\n// Note that windows will think that //x/y/z/a has a \"root\" of //x/y, and in\n// those cases, we want to sanitize it to x/y/z/a, not z/a, so we strip /\n// explicitly if it's the first character.\n// drive-specific relative paths on Windows get their root stripped off even\n// though they are not absolute, so `c:../foo` becomes ['c:', '../foo']\nexport const stripAbsolutePath = (path: string) => {\n let r = ''\n\n let parsed = parse(path)\n while (isAbsolute(path) || parsed.root) {\n // windows will think that //x/y/z has a \"root\" of //x/y/\n // but strip the //?/C:/ off of //?/C:/path\n const root =\n path.charAt(0) === '/' && path.slice(0, 4) !== '//?/' ?\n '/'\n : parsed.root\n path = path.slice(root.length)\n r += root\n parsed = parse(path)\n }\n return [r, path]\n}\n"]} | ||
| {"version":3,"file":"strip-absolute-path.js","sourceRoot":"","sources":["../../src/strip-absolute-path.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAA;AACjC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,KAAK,CAAA;AAEnC,2BAA2B;AAC3B,4EAA4E;AAC5E,yEAAyE;AACzE,0CAA0C;AAC1C,4EAA4E;AAC5E,uEAAuE;AACvE,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAoB,EAAE;IAClE,IAAI,CAAC,GAAG,EAAE,CAAA;IAEV,IAAI,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAA;IACxB,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QACvC,yDAAyD;QACzD,2CAA2C;QAC3C,MAAM,IAAI,GACR,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;YACrD,GAAG;YACL,CAAC,CAAC,MAAM,CAAC,IAAI,CAAA;QACf,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC9B,CAAC,IAAI,IAAI,CAAA;QACT,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAA;IACtB,CAAC;IACD,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;AAClB,CAAC,CAAA","sourcesContent":["// unix absolute paths are also absolute on win32, so we use this for both\nimport { win32 } from 'node:path'\nconst { isAbsolute, parse } = win32\n\n// returns [root, stripped]\n// Note that windows will think that //x/y/z/a has a \"root\" of //x/y, and in\n// those cases, we want to sanitize it to x/y/z/a, not z/a, so we strip /\n// explicitly if it's the first character.\n// drive-specific relative paths on Windows get their root stripped off even\n// though they are not absolute, so `c:../foo` becomes ['c:', '../foo']\nexport const stripAbsolutePath = (path: string): [string, string] => {\n let r = ''\n\n let parsed = parse(path)\n while (isAbsolute(path) || parsed.root) {\n // windows will think that //x/y/z has a \"root\" of //x/y/\n // but strip the //?/C:/ off of //?/C:/path\n const root =\n path.charAt(0) === '/' && path.slice(0, 4) !== '//?/' ?\n '/'\n : parsed.root\n path = path.slice(root.length)\n r += root\n parsed = parse(path)\n }\n return [r, path]\n}\n"]} |
@@ -224,3 +224,5 @@ // the PEND/UNPEND stuff tracks whether we're ready to emit end/close yet. | ||
| return true; | ||
| const parts = p.split('/'); | ||
| // strip off the root | ||
| const [root, stripped] = stripAbsolutePath(p); | ||
| const parts = stripped.replace(/\\/g, '/').split('/'); | ||
| if (parts.includes('..') || | ||
@@ -257,4 +259,2 @@ /* c8 ignore next */ | ||
| } | ||
| // strip off the root | ||
| const [root, stripped] = stripAbsolutePath(p); | ||
| if (root) { | ||
@@ -261,0 +261,0 @@ // ok, but triggers warning about stripping root |
+6
-6
@@ -5,3 +5,3 @@ { | ||
| "description": "tar for node", | ||
| "version": "7.5.9", | ||
| "version": "7.5.10", | ||
| "repository": { | ||
@@ -32,3 +32,3 @@ "type": "git", | ||
| "devDependencies": { | ||
| "@types/node": "^25.0.9", | ||
| "@types/node": "^25.3.3", | ||
| "chmodr": "^2.0.2", | ||
@@ -40,7 +40,7 @@ "end-of-stream": "^1.4.3", | ||
| "nock": "^13.5.4", | ||
| "prettier": "^3.8.0", | ||
| "prettier": "^3.8.1", | ||
| "rimraf": "^6.1.2", | ||
| "tap": "^21.5.0", | ||
| "tshy": "^3.1.0", | ||
| "typedoc": "^0.28.16" | ||
| "tap": "^21.6.2", | ||
| "tshy": "^3.3.2", | ||
| "typedoc": "^0.28.17" | ||
| }, | ||
@@ -47,0 +47,0 @@ "license": "BlueOak-1.0.0", |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
2248412
0.04%- Lines of code
12725
0.01%No dependency changes