tar is a full-featured Tar for Node.js.
Affected versions of this package are vulnerable to Symlink File Overwrite. It does not properly normalize symbolic links pointing to targets outside the extraction root. As a result, packages may hold symbolic links to parent and sibling directories and overwrite those files when the package is extracted.
tar to version 2.0.0 or higher.