Safeguard
Open Source

adm-zip npm Security: Zip Slip Risks and Safe Extraction

adm-zip is a popular pure-JavaScript zip library for Node.js, and its history of path-traversal flaws makes safe extraction non-optional. Here is what went wrong and how to use it correctly.

Aisha Rahman
Security Analyst
5 min read

The adm-zip npm package is a pure-JavaScript library for reading and writing zip files in Node.js, and its main security concern is path traversal during extraction — the "Zip Slip" class of bug that let a malicious archive write files outside the target directory in older versions. If you use npm adm-zip anywhere that accepts uploaded or third-party archives, the version you run and how you call extractAllTo matter a great deal.

The appeal of adm-zip is that it has no native dependencies — no libzip, no build step — which makes it trivial to install anywhere Node runs. That same convenience is why it ended up in so many projects, and why its vulnerabilities had wide reach.

What Zip Slip is

A zip archive stores a filename for every entry. Nothing in the format stops that filename from containing ../ sequences. When an extractor naively joins the entry name onto the destination path, an entry named ../../../../root/.ssh/authorized_keys resolves to a location far outside where you meant to write. That is arbitrary file write, and file write frequently escalates to remote code execution — overwrite a startup script, a cron file, or an SSH key and you own the box.

This is not specific to adm-zip; it has hit extraction libraries across many languages. adm-zip's relevance is that it was one of the widely used Node libraries affected.

The vulnerable versions

Two documented issues are worth knowing.

CVE-2018-1002204 covers adm-zip before version 0.4.9. The library mishandled ../ in archive entry names during extraction, allowing directory traversal and arbitrary file write. The fix in 0.4.9 added a check that the resolved target path stays within the destination folder. This is confirmed on the NVD record for the CVE.

A second directory-traversal issue was reported later (tracked by Snyk as SNYK-JS-ADMZIP-1065796) and addressed by upgrading to adm-zip 0.5.2 or higher, which tightened the path-containment check. The practical takeaway is simple: run a current release. If your lockfile pins something below 0.5.2, that is a finding.

# Check what you actually have installed
npm ls adm-zip

# Upgrade to a patched line
npm install adm-zip@latest

Extracting safely even on a patched version

Upgrading is necessary but you should still extract defensively, because you may not control every transitive copy in your tree and defense in depth is cheap here.

const AdmZip = require('adm-zip');
const path = require('path');

function safeExtract(zipPath, destDir) {
  const zip = new AdmZip(zipPath);
  const resolvedDest = path.resolve(destDir);

  for (const entry of zip.getEntries()) {
    const target = path.resolve(resolvedDest, entry.entryName);
    // Reject anything that escapes the destination
    if (target !== resolvedDest && !target.startsWith(resolvedDest + path.sep)) {
      throw new Error('Blocked path traversal in archive: ' + entry.entryName);
    }
  }

  zip.extractAllTo(resolvedDest, /* overwrite */ true);
}

The key check is that every entry's resolved absolute path starts with the resolved destination directory followed by a path separator. Comparing raw strings without resolving first is a common mistake — symlinks and . segments will fool you.

Two more hardening steps:

  • Cap total extracted size and entry count to defend against zip bombs, where a tiny archive expands to gigabytes and exhausts disk or memory.
  • Watch for symlink entries; on some platforms an extracted symlink can redirect a later write outside the sandbox.

Where these bugs actually bite

Path-traversal-on-extract matters most when the archive is attacker-influenced: user file uploads, plugin or theme installers, importing a project export, or pulling an artifact from an external registry. If you only ever extract archives your own build produced, the risk is lower — but "we only extract our own zips" tends to stop being true the moment a feature ships that accepts uploads.

Because adm-zip is often pulled in transitively, you may be exposed without ever having typed npm install adm-zip. This is the everyday case for software composition analysis: an SCA tool reads your lockfile, finds the buried adm-zip, and maps its version to the known advisories. An SCA tool such as Safeguard can flag this transitively so you learn about the vulnerable copy three levels down before an attacker does.

Keeping it fixed

Patching once does not keep you patched. New advisories land, and dependency updates can quietly reintroduce an old version through a sub-dependency. Add dependency scanning to CI and gate on newly introduced advisories. For a deeper look at how transitive risk accumulates and how to manage it, our SCA product page covers the workflow end to end.

FAQ

Which adm-zip version is safe?

Run 0.5.2 or later at minimum; staying on the latest release is best. Versions before 0.4.9 are affected by CVE-2018-1002204, and a further directory-traversal fix landed in 0.5.2. Anything below that in your lockfile should be upgraded.

Is Zip Slip only an adm-zip problem?

No. Zip Slip is a general class of extraction bug that has affected libraries in many languages and ecosystems. adm-zip is one well-known Node example. The safe-extraction pattern of validating resolved paths applies whatever library you use.

Can I be affected without installing adm-zip directly?

Yes. adm-zip is frequently a transitive dependency, so a vulnerable copy can live deep in your tree. Dependency scanning that reads the full lockfile is the reliable way to find it.

Does extracting my own archives carry the same risk?

The risk is much lower when the archive is fully under your control, but code changes over time. If any code path can extract an uploaded or third-party archive, apply the safe-extraction check regardless of the library version.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.