As of this post, the npm package, tar, has the security vulnerability, Arbitrary File Overwrite. The tar package is not a direct dependency of eyeglass; instead, tar is an indirect dependency through the chain of eyeglass > node-sass > node-gyp > tar.
Once tar has released a security fix and that fix has propagated to node-sass, please update the package dependencies.
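To check where a transitive package like tar enters a project, the following added example (not part of the original post or of the eyeglass project) walks a tree shaped like `npm ls --json` output and lists every chain ending at the target. The names `sampleTree`, `findChains` and `isDirectDependency`, the `other-package` entry, and all version strings are assumptions constructed for illustration.

```javascript
// Constructed sample data in the shape of `npm ls --json` output.
// Versions are placeholders, not real release numbers.
const sampleTree = {
  name: "eyeglass",
  version: "0.0.0-sample",
  dependencies: {
    "node-sass": {
      version: "0.0.0-sample",
      dependencies: {
        "node-gyp": {
          version: "0.0.0-sample",
          dependencies: {
            tar: { version: "0.0.0-sample" },
          },
        },
      },
    },
    "other-package": { version: "0.0.0-sample" }, // hypothetical, unrelated
  },
};

// Depth-first walk that records every path from the root to `target`.
function findChains(tree, target) {
  const chains = [];
  const walk = (node, path) => {
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      const next = [...path, name];
      if (name === target) chains.push(next);
      walk(child, next);
    }
  };
  walk(tree, [tree.name]);
  return chains;
}

// True only when `target` is listed at the top level of the tree.
function isDirectDependency(tree, target) {
  return Object.prototype.hasOwnProperty.call(tree.dependencies || {}, target);
}

for (const chain of findChains(sampleTree, "tar")) {
  console.log(chain.join(" > "));
}
console.log("direct dependency:", isDirectDependency(sampleTree, "tar"));
```

Each chain shows which intermediate package has to ship an updated dependency before the fix reaches the root project.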