CVE-2026-24842 tar version 7.5.4

[huakaibird]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

The npm tar 7.5.4 has a high CVE (reported by our security scanning tool)
CVE-2026-24842

CVE-2026-24842

tar 7.5.7 has the issue fixed, when npm would have a new release to fix this?

Environment

• npm: 11.8.0
• Node.js:
• OS Name:
• System Model Name:
• npm config:

; copy and paste output from `npm config ls` here

[lucas-gomes-santana]

I found a similar issue on pnpm repository and I made a PR to solve the problem that already has been merged: pnpm/pnpm#10539

I will fork the repository and research about this here.

[lucas-gomes-santana]

I found a similar issue on pnpm repository and I made a PR to solve the problem that already has been merged: pnpm/pnpm#10539

I will fork the repository and research about this here.

This Issue about tar dependency is already solved on #8951 PR. Now is wait for a new release.

[ArthurQQII]

I found a similar issue on pnpm repository and I made a PR to solve the problem that already has been merged: pnpm/pnpm#10539
I will fork the repository and research about this here.

This Issue about tar dependency is already solved on #8951 PR. Now is wait for a new release.

Really appreciate your hard work and efficiency, mate!