
npm audit: 5 vulnerabilities (3 high) – tar path traversal, minimatch ReDoS #9

@jhjdev

Description


npm Audit: 5 Vulnerabilities (3 High)

Audit Date: 2026-03-04

High Severity

  • minimatch – Multiple ReDoS vulnerabilities (affects @expo/cli, @expo/config-plugins, @typescript-eslint, and others)
  • tar – Arbitrary File Creation/Overwrite via Hardlink Path Traversal + Symlink chain escape
  • @isaacs/brace-expansion – Uncontrolled Resource Consumption

Moderate Severity

  • ajv – ReDoS with $data option

Other

  • fastify – DoS via Unbounded Memory Allocation in sendWebStream

Resolution

Stale Snyk PRs (#6, #7, #8) were closed due to merge conflicts. Run npm audit fix manually to apply available fixes.
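Before running npm audit fix by hand, it helps to know which of the findings above would block a merge and which fixes npm can apply without a semver-major (--force) upgrade. The script below is an added example, not code from this repository or from npm: it parses the auditReportVersion 2 JSON that npm 7+ prints for npm audit --json, and the embedded report is constructed to mirror the packages and severities listed in this issue (the version ranges, fixAvailable values, the "low" level for fastify and the @expo/cli transitive entry are invented for illustration). The FAIL_ON policy is an assumption, not a setting of this project.

```python
"""Triage `npm audit --json` output (auditReportVersion 2, npm 7+).

Added example for the issue above; not part of the project. The sample
report is constructed, not captured from the repository.
"""
import json
from collections import Counter

# Assumed merge policy: these severity levels block a merge.
FAIL_ON = ("critical", "high")

# Constructed sample shaped like `npm audit --json` from npm 7+. Package names
# and severities follow the issue; everything else is made up.
SAMPLE_REPORT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "minimatch": {"name": "minimatch", "severity": "high", "isDirect": False,
                      "via": [{"title": "minimatch ReDoS", "severity": "high"}],
                      "effects": ["@expo/cli"], "range": "<X.Y.Z", "fixAvailable": True},
        "tar": {"name": "tar", "severity": "high", "isDirect": False,
                "via": [{"title": "tar hardlink path traversal", "severity": "high"},
                        {"title": "tar symlink chain escape", "severity": "high"}],
                "effects": [], "range": "<X.Y.Z", "fixAvailable": True},
        "@isaacs/brace-expansion": {"name": "@isaacs/brace-expansion", "severity": "high",
                                    "isDirect": False,
                                    "via": [{"title": "uncontrolled resource consumption",
                                             "severity": "high"}],
                                    "effects": [], "range": "<X.Y.Z",
                                    # object form = fix exists but is a breaking upgrade
                                    "fixAvailable": {"name": "@isaacs/brace-expansion",
                                                     "version": "X.Y.Z", "isSemVerMajor": True}},
        "ajv": {"name": "ajv", "severity": "moderate", "isDirect": False,
                "via": [{"title": "ajv ReDoS with $data option", "severity": "moderate"}],
                "effects": [], "range": "<X.Y.Z", "fixAvailable": False},
        "fastify": {"name": "fastify", "severity": "low", "isDirect": True,
                    "via": [{"title": "DoS via unbounded memory allocation in sendWebStream",
                             "severity": "low"}],
                    "effects": [], "range": "<X.Y.Z", "fixAvailable": True},
        # Transitive node: listed only because it depends on vulnerable minimatch.
        "@expo/cli": {"name": "@expo/cli", "severity": "high", "isDirect": True,
                      "via": ["minimatch"], "effects": [], "range": "*", "fixAvailable": True},
    },
})


def load_vulnerabilities(text):
    """Parse the report and return its `vulnerabilities` map."""
    report = json.loads(text)
    if report.get("auditReportVersion") != 2:
        raise ValueError("expected auditReportVersion 2 output (npm 7 or newer)")
    return report.get("vulnerabilities", {})


def is_root_advisory(entry):
    """True when the package has its own advisory (a dict in `via`); a `via`
    made only of package-name strings means it is affected transitively."""
    return any(isinstance(v, dict) for v in entry.get("via", []))


def fix_kind(entry):
    """Classify fixAvailable: plain `npm audit fix`, `--force` (semver-major), or none."""
    fix = entry.get("fixAvailable")
    if not fix:
        return "none"
    if isinstance(fix, dict) and fix.get("isSemVerMajor"):
        return "force"
    return "auto"


def triage(text, fail_on=FAIL_ON):
    """Summarize a report: counts per severity, fix buckets, transitive
    dependants, and whether the assumed merge gate fails."""
    vulns = load_vulnerabilities(text)
    roots = {n: e for n, e in vulns.items() if is_root_advisory(e)}
    transitive = {n: [v for v in e["via"] if isinstance(v, str)]
                  for n, e in vulns.items() if n not in roots}
    by_severity = Counter(e["severity"] for e in roots.values())
    fixes = {"auto": [], "force": [], "none": []}
    for name, entry in sorted(roots.items()):
        fixes[fix_kind(entry)].append(name)
    blocking = sorted(n for n, e in roots.items() if e["severity"] in fail_on)
    return {"by_severity": dict(by_severity), "fixes": fixes,
            "transitive": transitive, "blocking": blocking,
            "gate_failed": bool(blocking)}


if __name__ == "__main__":
    # Pipe real output in with: npm audit --json | python triage.py
    import sys
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    print(json.dumps(triage(source), indent=2))
```

Counting only root advisories keeps the totals aligned with what the issue reports (npm's own metadata also counts dependants such as @expo/cli that are merely downstream of minimatch). The "force" bucket is the one to review by hand: those fixes change a major version, so a bare npm audit fix will leave them in place.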
