June 2025
Intermediate to advanced
837 pages
24h 50m
English
As previously mentioned, npm poses a security risk that shouldn’t be underestimated. A package called rimrafall, which was in the npm repository some time ago, demonstrates this. The package served no other purpose than to run rm -rf /* /.* on a machine and thus delete all files. The following sections describe in detail how this works. The incident caused many people to question the trustworthiness of npm packages before installing them.
npm is a very powerful tool, and for this very reason, you should be very careful when using it in conjunction with your computer’s administrator account. Running sudo npm install paketX on a Unix system will cause the process to run as ...
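npm runs the preinstall, install and postinstall scripts declared in a dependency's package.json automatically during npm install, which is how a package can execute a shell command on the installing machine. The following check is an added example, not code from the book: it lists those hooks for a set of manifests and flags recursive deletes. The package names, the sample manifests and the regular expression are constructed assumptions.

```javascript
'use strict';

// Hooks npm executes for a dependency during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Heuristic (assumption): a recursive rm aimed at the root, home or an absolute path.
const DESTRUCTIVE = /\brm\s+-[a-zA-Z]*[rR][a-zA-Z]*\s+(\/|~|\$HOME)/;

// Returns one finding per install-time hook found in a package.json string.
function auditManifest(manifestJson) {
  let manifest;
  try {
    manifest = JSON.parse(manifestJson);
  } catch (err) {
    // A manifest that cannot be parsed is reported rather than silently skipped.
    return [{ name: '<unparseable>', hook: null, command: null,
              destructive: false, error: err.message }];
  }
  const scripts = manifest.scripts && typeof manifest.scripts === 'object'
    ? manifest.scripts : {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({
      name: manifest.name || '<unnamed>',
      hook,
      command: scripts[hook],
      destructive: DESTRUCTIVE.test(scripts[hook]),
    }));
}

// Constructed sample manifests; nothing here is executed, only inspected.
const SAMPLE_MANIFESTS = [
  JSON.stringify({ name: 'constructed-destructive-pkg',
                   scripts: { preinstall: 'rm -rf /* /.*' } }),
  JSON.stringify({ name: 'constructed-native-addon',
                   scripts: { install: 'node-gyp rebuild', test: 'mocha' } }),
  JSON.stringify({ name: 'constructed-plain-lib', scripts: { test: 'mocha' } }),
  '{ "name": "constructed-broken", ',
];

function auditAll(manifests) {
  return manifests.flatMap(auditManifest);
}

for (const f of auditAll(SAMPLE_MANIFESTS)) {
  const label = f.error ? 'PARSE ERROR' : f.destructive ? 'DESTRUCTIVE' : 'review';
  console.log(`${label}: ${f.name} ${f.hook || ''} ${f.command || f.error}`);
}
```

Running npm install --ignore-scripts skips these hooks entirely, at the cost of breaking packages that need a build step.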