[BUG] Snyk scanning fails for all versions of npm #8992

@rrrutledge

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

Snyk published a high-severity issue in all versions of tar 7.5.7 and lower. The latest npm (v11.10.0) has package-lock set at version 7.5.7 for the tar dependency. Since my company blocks deploy with failing Snyk scans, now I can't deploy anything that has npm on it.

Expected Behavior

Update to tar 7.5.8 (or above) so my Snyk check passes.

Steps To Reproduce

No response

Environment

npm: v11.10.0

Labels

  • Bug (thing that needs fixing)
  • Needs Triage (needs review for next steps)
