mapbox / node-pre-gyp

Node.js tool for easy binary deployment of C++ addons
BSD 3-Clause "New" or "Revised" License

dependency [tar] version is too low #318

Open fattydevelop opened 7 years ago

fattydevelop commented 7 years ago

tar ^2.2.1 is too low to work with other modules that use the latest tar.

For example: tar.Extract => tar.extract

dtruffaut commented 6 years ago

I agree, that causes problems when downloading, for example, Google Firebase:

node-pre-gyp info using node-pre-gyp@0.6.39
node-pre-gyp info using node@8.9.1 | win32 | x64
node-pre-gyp info check checked for "C:\Program Files\nodejs\aaa\node_modules\grpc\src\node\extension_binary\grpc_node.node" (not found)
node-pre-gyp http GET https://storage.googleapis.com/grpc-precompiled-binaries/node/grpc/v1.1.0/node-v57-win32-x64.tar.gz
node-pre-gyp ERR! UNCAUGHT EXCEPTION
node-pre-gyp ERR! stack TypeError: require(...).Extract is not a function
node-pre-gyp ERR! stack     at C:\Program Files\nodejs\aaa\node_modules\node-pre-gyp\lib\install.js:79:40

Content of the line is:

var extracter = require('tar').Extract({ path: to, strip: 1});

"Extract" should be replaced by "extract"

igor-savin-ht commented 6 years ago

Also, older tar comes with known insecure transitive dependencies:

tar@2.2.1 > fstream@1.0.11 > rimraf@2.6.2 > glob@7.1.2 > minimatch@0.3.0
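
An added example (not part of this thread or of node-pre-gyp's code) showing one way to locate chains like the one quoted above in your own project: it walks a tree in the shape printed by `npm ls --json` and lists every path that ends at a named package. The sample tree is constructed, and `example-app`, `other-module`, `findPaths` and `report` are hypothetical names.

```javascript
// Constructed sample in the shape of `npm ls --json` output. The chain under
// node-pre-gyp copies the one quoted in the comment above; the rest is made up.
const dep = (version, dependencies = {}) => ({ version, dependencies });
const sampleTree = {
  name: 'example-app', version: '1.0.0',
  dependencies: {
    'node-pre-gyp': dep('0.6.39', {
      tar: dep('2.2.1', {
        fstream: dep('1.0.11', {
          rimraf: dep('2.6.2', {
            glob: dep('7.1.2', { minimatch: dep('0.3.0') }) }) }) }) }),
    'other-module': dep('1.0.0', { tar: dep('4.4.1') })
  }
};

// Walk the tree depth-first and return every chain that ends at `target`
// and whose version satisfies `match`, formatted as "a@1 > b@2 > target@3".
function findPaths(tree, target, match = () => true) {
  const found = [];
  const walk = (node, trail) => {
    for (const [name, info] of Object.entries(node.dependencies || {})) {
      // Entries for missing packages may carry no version; show "?" instead.
      const next = trail.concat(`${name}@${info.version || '?'}`);
      if (name === target && match(info.version)) found.push(next.join(' > '));
      walk(info, next);
    }
  };
  walk(tree, []);
  return found;
}

// Major version of a plain "x.y.z" string (NaN when the version is absent).
const major = (v) => parseInt(String(v).split('.')[0], 10);

// Two questions from this thread: who still pulls in tar 2.x (the ^2.2.1
// range from the issue title), and how does minimatch reach the tree?
function report(tree) {
  return {
    tar2: findPaths(tree, 'tar', (v) => major(v) === 2),
    minimatch: findPaths(tree, 'minimatch')
  };
}

console.log(report(sampleTree));
```

To run it against a real project, replace `sampleTree` with the parsed output of `npm ls --json`.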

givanse commented 6 years ago

Looks like this issue can be closed. https://github.com/mapbox/node-pre-gyp/pull/299