[Pkg-javascript-devel] Bug#715325: Bug#715325: Bug#715325: npm: leaves lots of stuff in /tmp

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Jul 8 10:38:23 UTC 2013


On 07/08/2013 03:33 AM, Jérémy Lal wrote:
> On 08/07/2013 05:08, Shawn Landden wrote:
>
>> I installed a few packages yesterday, and today realized npm was wasting 50M
>> of my ram with copies of what it downloaded still in /tmp/npm-# folders


I haven't tried to reproduce this yet, but it sounds to me like you
might be saying that the names of the /tmp/npm-# folders might be
predictably named (e.g. named after the process id).  Is this the case?
 If so, has anyone considered the possibility of an attack via
predictable paths in a world-writable directory?

>> it should clean this up, put it in /var/cache, and/or have a command to clean up
> 
> Issue reproduced.
> As a quick workaround, you can create ~/tmp and npm will use that instead.
> Otherwise I believe those leftovers are a bug.

it's buggy if it doesn't clean up, regardless of which tmp directory it
uses.  and npm should probably be respecting $TMPDIR directly following
the standard unix conventions, rather than just assuming that the
magically-named ~/tmp is preferable to /tmp.

	--dkg
