extract-zip
unzip a zip file into a directory using 100% javascript
Versions: 24
License: BSD-2-Clause
Install Scripts: No
Provenance: Missing
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
malept, maxogden
Keywords
unzip, zip, extract
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:yauzl | AI (dependencies): yauzl is a well-known, widely-used ZIP parsing library; its use in extract-zip is expected and appropriate for this package's purpose. | ai | |
| dependencies | unvetted-dep:@types/yauzl | AI (dependencies): @types/yauzl is a TypeScript type definition package used as an optional dependency; this is a benign, conventional pattern for TypeScript-supporting packages. | ai | |
| provenance | no-provenance | AI (provenance): Established package (4205 days old) with a strong publisher track record; lack of provenance is common and not a security concern here. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change from maxogden to malept occurred in 2018; malept is a known Electron ecosystem contributor with a clean track record. Transition is legitimate and stable. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): malept was added as maintainer in 2018 as part of a legitimate handoff; no adverse signals across 4+ years of subsequent versions. | ai | |
| phantom-deps | phantom-dep:@types/yauzl | AI (phantom-deps): @types/yauzl is an optional TypeScript type definition package; it is never directly imported in JS code but used by convention. This is stable and expected for this package. | ai | |
Versions (showing 24 of 24)
| Version | Deps | Published |
|---|---|---|
| 2.0.1 | 4 / 16 | |
| 2.0.0 | 4 / 16 | |
| 1.7.0 | 4 / 4 | |
| 1.6.8 | 4 / 4 | |
| 1.6.7 | 4 / 4 | |
| 1.6.6 | 4 / 4 | |
| 1.6.5 | 4 / 4 | |
| 1.6.4 | 4 / 3 | |
| 1.6.3 | 4 / 3 | |
| 1.6.2 | 4 / 3 | |
| 1.6.1 | 4 / 3 | |
| 1.6.0 | 4 / 3 | |
| 1.5.0 | 4 / 3 | |
| 1.4.1 | 4 / 3 | |
| 1.4.0 | 4 / 3 | |
| 1.3.0 | 5 / 3 | |
| 1.2.0 | 5 / 3 | |
| 1.1.2 | 5 / 3 | |
| 1.1.1 | 5 / 3 | |
| 1.1.0 | 5 / 3 | |
| 1.0.3 | 7 / 1 | |
| 1.0.2 | 7 / 1 | |
| 1.0.1 | 7 / 1 | |
| 1.0.0 | 7 / 1 | |