[Pkg-javascript-devel] Bug#715325: Bug#715325: npm: leaves lots of stuff in /tmp
Jérémy Lal
kapouer at melix.org
Wed Jul 10 21:30:50 UTC 2013
On 10/07/2013 18:59, Daniel Kahn Gillmor wrote:
> I notice that your message was sent privately to me,
> ../.. feel free to post copies of it to the BTS.
My mistake.
> On 07/10/2013 12:31 PM, Jérémy Lal wrote:
>> On 10/07/2013 18:17, Daniel Kahn Gillmor wrote:
>
>>> I confess i'm kind of amazed that node doesn't have any primitive like
>>> mkstemp(3), or if it does, that npm isn't using such a primitive.
>>
>> Using a module :
>> https://github.com/bruce/node-temp
>
> heh. and npm can't rely on that because the only way to install it is
> with npm itself, lovely :/
No, it's perfectly fine for npm to depend on a number of modules,
since npm tarball contains its own node_modules.
Upstream npm is relatively open to patches that separate functions in a module,
and node-temp seems well maintained.
>>> Has a CVE been requested or assigned for this yet? I'd be happy to make
>>> the request if you think that would be useful.
>>
>> I'm going to upload latest nodejs/npm to unstable this summer,
>> not so sure a CVE is worth it.
>
> I appreciate your staying on top of the uploads. I'm not sure how that
> relates to the relevance or worth of a CVE for the issue, though.
>
> I'll go ahead and request one unless there is a strong reason not to.
Okay.
Jérémy.
More information about the Pkg-javascript-devel
mailing list