{"package":"@pnpm/cafs","ecosystem":"npm","latest_version":"7.0.5","description":"A content-addressable filesystem for the packages storage","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/pnpm/pnpm/blob/main/store/cafs#readme","repository":"https://github.com/pnpm/pnpm/blob/main/store/cafs","downloads_weekly":35984,"health":{"score":48,"risk":"high","breakdown":{"maintenance":0,"popularity":10,"security":20,"maturity":15,"community":3},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2023-37478","severity":"high","summary":"pnpm incorrectly parses tar archives relative to specification","affected_versions":"<7.33.4|<7.33.4|<7.33.4|<7.33.4|<7.33.4|<7.33.4|<7.33.4|<7.33.4|<7.0.5|>=8.0.0,<8.6.8|>=8.0.0,<8.6.8|>=8.0.0,<8.6.8|>=8.0.0,<8.6.8|>=8.0.0,<8.6.8|>=8.0.0,<8.6.8|>=8.0.0,<8.6.8|>=8.0.0,<8.6.8","fixed_version":"8.6.8","source":"osv","published_at":"2023-08-01T17:00:55Z","in_kev":false,"epss_prob":0.01595,"epss_percentile":0.81746,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"7.0.5","total_count":74,"recent":["4.2.1","4.3.0","4.3.1","4.3.2","5.0.0","5.0.1","5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","6.0.0","6.0.1","6.0.2","7.0.0","7.0.1","7.0.2","7.0.3","7.0.4","7.0.5"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":2,"first_published":"2020-04-25T21:17:41.120Z","last_published":"2023-07-17T09:29:46.764Z","dependencies_count":14,"dependencies":["@zkochan/rimraf","concat-stream","get-stream","gunzip-maybe","p-limit","path-temp","rename-overwrite","safe-promise-defer","ssri","strip-bom","tar-stream","@pnpm/fetcher-base","@pnpm/graceful-fs","@pnpm/store-controller-types"]},"bundle":{"size_kb":205.8,"gzip_kb":51.7,"dependency_count":14,"has_js_module":false,"has_side_effects":true,"scoped":true,"source":"bundlephobia"},"typescript":{"score":10,"has_types":true,"types_source":"bundled","types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerabilities"],"use_version":"7.0.5","version_hint":"Update to >= 8.6.8 to fix known vulnerabilities","summary":"@pnpm/cafs@7.0.5 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}