On 08/07/2013 05:08, Shawn Landden wrote:
Package: npm
Version: 1.2.18~dfsg-3
Severity: normal
I installed a few packages yesterday, and today realized npm was wasting 50M
of my ram with copies of what it downloaded still in /tmp/npm-# folders
it should clean this up, put it in
On 07/08/2013 03:33 AM, Jérémy Lal wrote:
On 08/07/2013 05:08, Shawn Landden wrote:
I installed a few packages yesterday, and today realized npm was wasting 50M
of my ram with copies of what it downloaded still in /tmp/npm-# folders
I haven't tried to reproduce this yet, but it sounds to me
On 08/07/2013 12:38, Daniel Kahn Gillmor wrote:
On 07/08/2013 03:33 AM, Jérémy Lal wrote:
On 08/07/2013 05:08, Shawn Landden wrote:
I installed a few packages yesterday, and today realized npm was wasting 50M
of my ram with copies of what it downloaded still in /tmp/npm-# folders
I
On 07/08/2013 07:55 AM, Jérémy Lal wrote:
I am curious about how `npm install mymodule` could be a target for an
attacker,
especially considering the temp directory is used only once (at (un)tar
times).
if the tmpdir is predictably-named (e.g. it is /tmp/npm-$PID), then an
attacker could
On 08/07/2013 14:23, Daniel Kahn Gillmor wrote: On 07/08/2013 07:55 AM, Jérémy
Lal wrote:
I am curious about how `npm install mymodule` could be a target for an
attacker,
especially considering the temp directory is used only once (at (un)tar
times).
if the tmpdir is predictably-named
Processing commands for cont...@bugs.debian.org:
forwarded 715325 https://github.com/isaacs/npm/issues/3635
Bug #715325 [npm] npm: leaves lots of stuff in /tmp
Set Bug forwarded-to-address to 'https://github.com/isaacs/npm/issues/3635'.
--
Stopping processing here.
Please contact me if you
On 08/07/2013 16:06, Dominique Dumont wrote:
On Monday 08 July 2013 14:36:24 Jérémy Lal wrote:
I still do not understand if this is really a security issue.
IMO if a program on your system does that, the whole system is compromised,
you can't really be hardening any software against it.
A