Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

forever@4.0.3 requires minimist@~0.0.1 via a transitive dependency on optimist@0.6.0

The earliest fixed version is 1.2.6.

Also tar