tar plugin for decompress
License: MIT License
tar decompress plugin
$ npm install decompress-tar
const decompress = require('decompress');
const decompressTar = require('decompress-tar');
decompress('unicorn.tar', 'dist', {
plugins: [
decompressTar()
]
}).then(() => {
console.log('Files decompressed');
});Returns both a Promise for a Buffer and a Duplex stream.
Type: Buffer Stream
Buffer or stream to decompress.
MIT © Kevin Mårtensson
I had error like when install optipng-bin module
/bin/sh: ./configure: Permission denied
I spent some time and found where is the problem:
I think must be test for this situation. But I do not sure in which module:
Hello, there is a vulnerability detected by Snyk that is affecting other packages using this one (like decompress ).
https://security.snyk.io/package/npm/decompress-tar
Is there any chance to fix it or suggest a solution? Thanks
Snyk reports a security vulnerability in the last version of the package.
https://snyk.io/test/npm/decompress-tar/4.1.1
Hello,
could you please raise the tar-stream dependency to latest 2.x version to get rid of the vulnerable bl package (CVE-2020-8244).
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and <2.2.1 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
Please also release a new version.
Thanks,
Gregor
This module can't be used directly because it does not use a transpiler.
Looks like the last commit was in 2017. Is this project still maintained or should it be considered EOL?
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.
I have problems decompressing Linux kernel because symlinks like https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/arch/arm/boot/dts/include/dt-bindings?id=refs/tags/v4.3.3 are converted to empty files. I've found that we are not filling the linkpath field nor the symlink type, that probably that's the reason why it's not working.
how to prove decompress-4.2.1 is not vulnerable?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.