On 07/08/2013 03:33 AM, Jérémy Lal wrote: > On 08/07/2013 05:08, Shawn Landden wrote: > >> I installed a few packages yesterday, and today realized npm was wasting 50M >> of my ram with copies of what it downloaded still in /tmp/npm-# folders
I haven't tried to reproduce this yet, but it sounds to me like you
might be saying that the names of the /tmp/npm-# folders might be
predictably named (e.g. named after the process id). Is this the case?
If so, has anyone considered the possibility of an attack via
predictable paths in a world-writable directory?
>> it should clean this up, put it in /var/cache, and/or have a command to
>> clean up
>
> Issue reproduced.
> As a quick workaround, you can create ~/tmp and npm will use that instead.
> Otherwise i believe those leftovers are a bug.
it's buggy if it doesn't clean up, regardless of which tmp directory it
uses. and npm should probably be respecting $TMPDIR directly following
the standard unix conventions, rather than just assuming that the
magically-named ~/tmp is preferable to /tmp.
--dkg
signature.asc
Description: OpenPGP digital signature
