[+] Starting reproduction at Sat Jan 17 07:55:59 UTC 2026
[+] Verified required commands are present
[+] Preparing npm project under /root/.pruva/runs/ghsa-8qq5-rm4j-mr97_20260117-075038/.repro_work/app
[+] Installing node-tar@7.5.2
[+] Confirmed node-tar version 7.5.2 (<= 7.5.2)
[+] Created target file outside extraction root: /root/.pruva/runs/ghsa-8qq5-rm4j-mr97_20260117-075038/secret.txt
[+] Running PoC script
[+] Secret file: /root/.pruva/runs/ghsa-8qq5-rm4j-mr97_20260117-075038/secret.txt
[+] Extraction directory: /root/.pruva/runs/ghsa-8qq5-rm4j-mr97_20260117-075038/.repro_work/out
[+] Crafted malicious archive at /root/.pruva/runs/ghsa-8qq5-rm4j-mr97_20260117-075038/.repro_work/exploit.tar
[+] Extracted archive with preservePaths=false
[+] Wrote EXPLOIT to /root/.pruva/runs/ghsa-8qq5-rm4j-mr97_20260117-075038/.repro_work/out/payload
[+] secret.txt now contains: EXPLOIT
[+] Reproduction successful: secret.txt overwritten via hardlink escape
[+] Validation complete: secret.txt was overwritten
[+] Reproduction complete