raszi / node-tmp

Temporary file and directory creator for node.js
MIT License

Expose a bin file #181

Closed kellyselden closed 5 years ago

kellyselden commented 5 years ago

Since https://github.com/zkat/npx has come out, it may be convenient to provide a bin file. Then someone can do npx tmp --dir > ....

silkentrance commented 5 years ago

Since tmp allows the user to specify arbitrary directories, I am not sure whether this is safe, especially with a user who is trying to lure the 'root' user on either platform into running a task 'nice', which in turn will run 'tmp -dir / --force-cleanup' and which will then begin to clean up from '/', recursively.

Not to mention that 'nice' can always replace the original 'bin' script of tmp when being executed as the 'root' user.

IMO, users should be using OS-provided mechanisms for creating and managing temporary directories instead of relying on this.

That being said, tmp is merely meant for providing temporary storage management to applications, and was never meant to provide any functionality to the casual end user.

silkentrance commented 5 years ago

I am closing this as it poses a potential high security risk.