As of this post, the npm package, tar, has the security vulnerability, Arbitrary File Overwrite. The tar package is not a direct dependency of eyeglass, instead tar is an indirect dependency through the chain of eyeglass > node-sass > node-gyp > tar.
Once tar has released a security fix and that fix has propagated to node-sass, please update the package dependencies.
As of this post, the npm package, tar, has the security vulnerability, Arbitrary File Overwrite. The
tarpackage is not a direct dependency ofeyeglass, insteadtaris an indirect dependency through the chain ofeyeglass > node-sass > node-gyp > tar.Once
tarhas released a security fix and that fix has propagated tonode-sass, please update the package dependencies.