On May 5, 2014, at 10:08 PM, Ritchie Young <[email protected]> wrote:
> As I'd mentioned previously on the mailing list, I have a security concern. I > don't think that it applies to versions of NodeJS past 0.8.x but you may like > to check that out. > > Full details here: > > http://egoless-self-promotion.blogspot.com.au/2014/05/nodejs-08x-may-leak-your-environment.html > > TLDR: The .lock-wscript file contains a dump of your environment variables > and may be inadvertently published along with your source-code. Aw, nice find. Not huge, but definitely worth knowing about! Thanks for the responsible disclosure, too.
smime.p7s
Description: S/MIME cryptographic signature
