tar-stream is a streaming tar parser and generator and nothing else. It is streams2 and operates purely using streams, which means you can easily extract/parse tarballs without ever hitting the file system.
No known vulnerabilities have been found for this package in Snyk's vulnerability database.