AzureStorageExplorer icon indicating copy to clipboard operation
AzureStorageExplorer copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Consider replacing `archiver` with a different dependency

Open MRayermannMSFT opened this issue 2 years ago • 2 comments

We use archiver to create zip and tar.gz archives. It has not received any updates in 8 months though: https://github.com/archiverjs/node-archiver/commits/master

We should consider finding a replacement if their security issues continue being ignored.

If we do, we should strive to use a dependency that seems maintained and brings in a small number of dependencies.

MRayermannMSFT avatar Apr 14 '22 16:04 MRayermannMSFT

Each platform comes with compression CLI tools. If we considered using those, we'd be able to eliminate the need for a dependency entirely. Bonus points if the tools are all the same.

craxal avatar Apr 15 '22 16:04 craxal

archiver ultimately responded to the security issue in just 5 days. I think that's pretty good. https://github.com/archiverjs/node-archiver/issues/583

Moving this to future...

MRayermannMSFT avatar Aug 09 '22 17:08 MRayermannMSFT