How to destroy PROD with npm

in npm •  7 years ago 


So, npm 5.7.0 had a little bug:

By using sudo npm on a non-root user (root users do not have the same effect), filesystem permissions are being modified. For example, if I run sudo npm --help or sudo npm update -g, all commands starting with sudo npm cause my filesystem to change ownership of directories such as /etc, /usr, /boot, and other critical directories needed for running the system to the current user running the command.

If you were running npm 5.7.0 in a prod environment, it would have destroyed your server.
At that point, the only thing left for you to do would have been to find your backups and restore them.
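A way to check whether a host was hit, as an added example that is not part of the original post or of npm: it lists the directories named in the bug report, and the entries directly inside them, that are no longer owned by root. The function names, the depth limit of one level and the choice of UID 0 as the expected owner are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): list entries under critical
# directories whose owner is not the expected UID (0 = root).

# Directories named in the bug report quoted above.
CRITICAL_DIRS="/etc /usr /boot"

# find_misowned EXPECTED_UID PATH...
# Prints every PATH, and every entry directly inside it, whose owner differs
# from EXPECTED_UID. Missing paths are skipped. Always returns 0.
find_misowned() {
    expected_uid=$1
    shift
    for path in "$@"; do
        [ -e "$path" ] || continue
        # -maxdepth 1: the path and its children; -xdev: stay on one filesystem.
        find "$path" -maxdepth 1 -xdev ! -user "$expected_uid" 2>/dev/null
    done
    return 0
}

# count_misowned EXPECTED_UID PATH...
# Prints how many entries find_misowned reports, for use in a monitoring check.
count_misowned() {
    find_misowned "$@" | wc -l | tr -d ' '
}

# Report for the current host: anything printed here is not owned by root.
# shellcheck disable=SC2086  # word splitting of CRITICAL_DIRS is intended
find_misowned 0 $CRITICAL_DIRS
```

A clean host prints nothing; on a host where ownership was changed, the affected paths are printed one per line.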

But those minor details aside, just look at the GitHub thread and the resulting fail tweet.

This is not very professional.
But it is just npm.
And one user sums this up perfectly:

For those using npm on business production servers: If your stack needs node.js to function you may reconsider the core structure of it. There is no place for a toy language in large to mid-sized enterprises.
