VYPR

npm package

compressing

pkg:npm/compressing

Vulnerabilities (2)

  • CVE-2026-40931HigApr 21, 2026
    affected >= 2.0.0, < 2.1.1fixed 2.1.1

    Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination direc

  • CVE-2026-24884Feb 4, 2026
    affected >= 2.0.0, < 2.0.1fixed 2.0.1

    Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an