package

npm / tmp

pkg:npm/tmp

LOW 2.5 npm

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter

Modified: 2/4/2026

HIGH npm

tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape

Modified: 5/27/2026