testcontainers-node icon indicating copy to clipboard operation
testcontainers-node copied to clipboard
verified publisher icon testcontainers

Replace `archiver` with lighter alternative

Open benmccann opened this issue 4 months ago • 1 comments

archiver has 64 dependencies and weighs over 7mb: https://npmgraph.js.org/?q=archiver https://pkg-size.dev/archiver

Some of those dependencies were just compromised: https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack. It's also responsible for about half the dependencies in this project

Perhaps it could be replaced with a lighter alternative like https://github.com/ayuhito/modern-tar? Or alternatively, tar or tar-stream (which is what archiver uses internally)?

benmccann avatar Sep 11 '25 16:09 benmccann

Makes sense, PR welcome!

cristianrgreco avatar Sep 17 '25 08:09 cristianrgreco