re: Four Security Principles That Software Developers Should Follow VIEW POST

VIEW PARENT COMMENT VIEW FULL DISCUSSION

@robdwaller , here's a real world example that occurred yesterday.

Why people run npm with sudo makes no sense to me as you don't need to.

In this particular case, by giving npm too much privilege, it wreaked havoc on Linux file systems, Show-stopping bug appears in npm Node.js package manager | ZDNet.

Had npm been run with a non-root user (least privilege), this would not have happened. The issue has since been fixed with a patch.

I have to admit I hate NPM. I've scrapped entire boxes and started over because I've messed up an NPM install. It always feels more like sorcery than actual Dev ops. Always advise developers to be careful with Node and NPM.

code of conduct - report abuse