search

sintaxi / surge

CLI for the surge.sh CDN
https://surge.sh
2.84k stars 135 forks source link

Usage of `tarr` instead of `node-tar` #426

Open infoxicator opened 3 years ago

infoxicator commented 3 years ago

The tarr module https://www.npmjs.com/package/tarr (with an extra r at the end) copy of the official node-tar package https://www.npmjs.com/package/tar was added in this commit

https://github.com/sintaxi/surge/commit/bf652192da4c9e6f2da4f197b31f62aeb9e401cd

what is the reason behind using tarr instead of the official tar package?

the name of that package makes it look like typo-squatting and a security threat, additionally I can't find the source code for the tarr package since it points to the github of the original one 👍

Francois-Esquire commented 3 years ago

@sintaxi any idea on this?

sintaxi commented 3 years ago

Good question. I forget the exact reason but I published tarr to freeze the node-tar codebase to resolve a dependency issue. This was some time ago so probably worth revisiting.