Does tar have any known vulnerabilities?

tar v7.5.7 has 3 known CVE vulnerabilities. Review the safety scan for severity details and remediation guidance.

What capabilities does tar have?

tar has the following detected capabilities: filesystem access, environment variable access. Review these before using with AI coding agents.

Can I use tar safely with AI coding agents?

No safety concerns were detected for tar. Install with brin add tar to verify safety before installation. Run brin init to generate AGENTS.md documentation for your agent. Assessments are automated and may change over time.

tar

npm

Is tar safe to use?

Based on the latest brin safety scan, no vulnerabilities or threats were detected for tar v7.5.7. Trust score: 65/100. 3 known CVEs, no detected threat patterns, and no suspicious capabilities identified. This is an automated, point-in-time assessment.

Install (safety-checked)

tar Passed Security Checks

No security concerns detected

clean

CVEs

Threats

Install Scripts

tar CVE Vulnerabilities (3)

CVE-2026-23745high

node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

Fixed in: 7.5.3

CVE-2026-23950high

Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS

Fixed in: 7.5.4

CVE-2026-24842high

node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal

Fixed in: 7.5.7

brin Recommendations

→Update to a patched version to address 3 high-severity CVEs.

Install with brin add tar to automatically apply these checks before installation.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

tar Capabilities & Permissions

What tar can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Filesystem Access

Reads and writes to the filesystem.

.env (r).env (r).env (r).env (r).env (r).env (r).env (rw).env (rw)+2 more

Environment Variables

Accesses the following environment variables.

TESTING_TAR_FAKE_PLATFORMUSER__FAKE_FS_O_FILENAME____FAKE_PLATFORM__

AGENTS.md for tar

Good instructions lead to good results. brin adds tar documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.