It would be nice if the security vulnerabilities could be fixed.
npm audit
npm warn Unknown user config "email". This will stop working in the next major version of npm.
# npm audit report
tar <=7.5.6
Severity: high
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization - https://github.com/advisories/GHSA-8qq5-rm4j-mr97
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS - https://github.com/advisories/GHSA-r6q2-hw4h-h46w
node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal - https://github.com/advisories/GHSA-34x7-hfp2-rc4v
No fix available
node_modules/@capacitor/assets/node_modules/tar
@capacitor/cli 0.0.10 - 1.1.1 || 3.0.0-alpha.0 - 7.4.5 || 8.0.0-alpha.1 - 8.0.2-nightly-20260127T151145.0
Depends on vulnerable versions of tar
node_modules/@capacitor/assets/node_modules/@capacitor/cli
@capacitor/assets *
Depends on vulnerable versions of @capacitor/cli
node_modules/@capacitor/assets
3 high severity vulnerabilities
It would be nice if the security vulnerabilities could be fixed.