Closed dhermes closed 5 years ago
We don't have a mitigation strategy for that. We run verdaccio as a single instance so it hasn't been an issue. The main place I can see potential problems is writing to a package's `package.json` file. `.tar.gz` files should be safe to overwrite.
Thanks for the quick response. My hope / guess is that writes are so much less common than reads that this shouldn't matter.
Feel free to close?
First, thank you @Remitly for this great `verdaccio` extension package. I'm curious if there is some mitigation or strategy in place? I.e. if multiple ~hosts~ workers are running `verdaccio` and two hosts try to write to the bucket for `npm publish` and there is a file collision.
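
The collision discussed in this thread, as an added example that is not part of the issue or of the plugin's code: two workers read the same package metadata, each adds its own version, and the second unconditional write silently drops the first. The in-memory `FakeBucketObject`, its `tag` counter (standing in for an object version or ETag) and the conditional `putIfTag` write are assumptions made for illustration, not the storage plugin's API.

```javascript
// Constructed in-memory stand-in for one bucket object (a package's metadata file).
// "tag" plays the role of an object version/ETag; it is an assumption of this example.
class FakeBucketObject {
  constructor(body) { this.body = JSON.stringify(body); this.tag = 0; }
  get() { return { body: JSON.parse(this.body), tag: this.tag }; }
  // Unconditional write: last writer wins.
  put(body) { this.body = JSON.stringify(body); this.tag += 1; }
  // Conditional write: rejected if the object changed since it was read.
  putIfTag(body, expectedTag) {
    if (expectedTag !== this.tag) return false;
    this.put(body);
    return true;
  }
}

// What a publish does to the metadata: read, add one version, write back.
function addVersion(meta, version) {
  return { ...meta, versions: { ...meta.versions, [version]: { name: meta.name, version } } };
}

// Two workers publish at the same time: both read before either writes.
function racePublishUnconditional(obj, vA, vB) {
  const readA = obj.get();
  const readB = obj.get();
  obj.put(addVersion(readA.body, vA));
  obj.put(addVersion(readB.body, vB)); // built from a stale read: drops vA
  return Object.keys(obj.get().body.versions).sort();
}

// Conditional write with retry: on conflict, re-read and re-apply the change.
function publishWithRetry(obj, version, staleRead, maxAttempts = 5) {
  let read = staleRead || obj.get();
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    if (obj.putIfTag(addVersion(read.body, version), read.tag)) return attempt;
    read = obj.get(); // another worker wrote first
  }
  throw new Error(`gave up publishing ${version} after ${maxAttempts} attempts`);
}

// Same interleaving as above, but with conditional writes.
function racePublishConditional(obj, vA, vB) {
  const readA = obj.get();
  const readB = obj.get();
  const attemptsA = publishWithRetry(obj, vA, readA);
  const attemptsB = publishWithRetry(obj, vB, readB);
  return { versions: Object.keys(obj.get().body.versions).sort(), attemptsA, attemptsB };
}

// Constructed sample metadata for a hypothetical package.
const seed = () => new FakeBucketObject({ name: 'demo-pkg', versions: { '1.0.0': { name: 'demo-pkg', version: '1.0.0' } } });
console.log(racePublishUnconditional(seed(), '1.1.0', '1.2.0'));
console.log(racePublishConditional(seed(), '1.1.0', '1.2.0'));
```

The unconditional race ends with only one of the two new versions recorded; the conditional variant keeps both, at the cost of one retry for the worker that lost the race.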