The 'tar' node package needs to be updated

[jkim7]

Hi

Older versions of tar has a file called cb-never-called-1.0.1.tgz, and it triggers a warning on virus scans, could you guys upgrade to a newer version of tar to remove it?

thanks

• Node Version:
• Platform:
• Compiler:
• Module:

Verbose output (from npm or node-gyp):

Paste your log here, between the backticks. It can be:
  - npm --verbose output,
  - or contents of npm-debug.log,
  - or output of node-gyp rebuild --verbose.

[rvagg]

Please use a newer version of node-gyp, or npm if you are using it from there. This should already have been resolved.

[rvagg]

OK, I take that back. I don't know about the specific issue you're pointing out but it looks like a v5 of node-tar has been released. We should look at that.

[rvagg]

It looks like this was resolved in node-tar v3, isaacs/node-tar#72 (comment), we are on to v4 and I can't find the file in the package. So, indeed, upgrade your node-gyp or npm and it should go away. I'll deal with a node-tar upgrade separately.