fstream @0.1.21
Advanced file system stream things
Maintainers
Dependencies (4)
| Package | Constraint | Registry Status |
|---|---|---|
| mkdirp | 0.3 | auto_approved |
| rimraf | 2 | auto_approved |
| inherits | ~1.0.0 | auto_approved |
| graceful-fs | ~1.1.2 | auto_approved |
Dev Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| tap | | auto_approved |
Transitive Dependency Tree
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
| osv:GHSA-xf7w-r453-m56c | osv | reject | AI | AI (osv): HIGH severity arbitrary file overwrite; affected range < 1.0.12 covers this version; fix available in 1.0.12. | |
SAST Findings (2)
[Always reject] CVSS 7.5 (HIGH) — CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Versions of `fstream` prior to 1.0.12 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file. The `fstream.DirWriter()` function is vulnerable.
Recommendation: Upgrade to version 1.0.12 or later.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 43. Findings: 1 critical (+40), 1 low (+3), 1 info (+0).
Published to npm: